Description
WordPress Plugin YITH WooCommerce Cart Messages is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin options. WordPress Plugin YITH WooCommerce Cart Messages version 1.4.3 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 1.4.5 or the latest available version.
References
https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
https://plugins.svn.wordpress.org/yith-woocommerce-cart-messages/trunk/README.txt
Related Vulnerabilities
WordPress 4.4.x Arbitrary File Deletion Vulnerability (4.4 - 4.4.15)
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9033)
WordPress Plugin ShareThis:Free Sharing Buttons and Tools Cross-Site Request Forgery (7.0.5)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-2141)