vulnerability

WordPress Plugin: yith-woocommerce-recover-abandoned-cart: CVE-2019-16251: Missing Authorization

Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
Published
Oct 31, 2019
Added
May 15, 2025
Modified
May 15, 2025

Description

Various versions of a various YITH WooCommerce plugins that use the YIT Plugin Framework through 3.3.8 are vulnerable to authorization bypass due to a missing capability check in the the 'save_toggle_element_options' function in .plugin-fw/lib/yit-plugin-panel-wc.php. This allows authenticated users with subscriber-level permissions or above to change arbitrary plugin settings.

Solution

yith-woocommerce-recover-abandoned-cart-plugin-cve-2019-16251
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.