Description
WordPress Plugin YITH WooCommerce Mailchimp is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin options. WordPress Plugin YITH WooCommerce Mailchimp version 2.1.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.1.4 or latest
References
https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
https://plugins.svn.wordpress.org/yith-woocommerce-mailchimp/trunk/README.txt
Related Vulnerabilities
Moodle Resource Management Errors Vulnerability (CVE-2014-7847)
WordPress Plugin Adminer Cross-Site Scripting (1.4.2)
WordPress Plugin WP e-Commerce Predictive Search Cross-Site Scripting (1.1.1)
Dotclear Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3232)
WordPress Plugin Rate my Post-WP Rating System Multiple Vulnerabilities (3.3.4)