Description
WordPress Plugin YITH WooCommerce Multi-step Checkout is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin options. WordPress Plugin YITH WooCommerce Multi-step Checkout version 1.7.4 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.7.5 or latest
References
https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
https://plugins.svn.wordpress.org/yith-woocommerce-multi-step-checkout/trunk/readme.txt
Related Vulnerabilities
Internet Information Services Other Vulnerability (CVE-1999-0738)
WordPress Plugin All-in-One Event Calendar Cross-Site Scripting (2.4.0)
WordPress Plugin verwei.se-WordPress-Twitter Cross-Site Scripting (1.0.2)
PHP Other Vulnerability (CVE-2007-2369)
Oracle HTTP Server CVE-2018-2561 Vulnerability (CVE-2018-2561)