Description
WordPress Plugin YITH WooCommerce Order Tracking is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin options. WordPress Plugin YITH WooCommerce Order Tracking version 1.2.10 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.2.11 or latest
References
https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
https://plugins.svn.wordpress.org/yith-woocommerce-order-tracking/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Swiss Toolkit For WP Security Bypass (1.0.7)
Vulnerable JavaScript libraries
WordPress Plugin WP Fastest Cache SQL Injection (0.8.7.4)
WordPress Plugin Job Manager Security Bypass (0.7.25)
Mailman Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2021-42096)