CVE-2020-36725
TI WooCommerce Wishlist <= 1.21.11 and TI WooCommerce Wishlist Pro <= 1.21.4 - Arbitrary Options Update
CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th
The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the 'ti-woocommerce-wishlist/includes/export.class.php' file. This makes it possible for authenticated attackers to gain otherwise restricted access to the vulnerable blog and update any settings.
| CWE | CWE-862 |
| Vendor | templateinvaders |
| Product | ti woocommerce wishlist pro |
| Published | Jun 7, 2023 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for templateinvaders ti woocommerce wishlist pro
Be the first to know when new high vulnerabilities affecting templateinvaders ti woocommerce wishlist pro are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
TemplateInvaders / TI WooCommerce Wishlist Pro
0 โค 1.21.4
templateinvaders / TI WooCommerce Wishlist
0 โค 1.21.11
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/d60b5741-5496-4e87-bcb0-adaa0db07d90?source=cve blog.nintechnet.com: https://blog.nintechnet.com/critical-zero-day-vulnerability-fixed-in-wordpress-ti-woocommerce-wishlist-plugin/ templateinvaders.com: https://templateinvaders.com/changelogs/ti-woocommerce-wishlist-plugin-changelog/ wpscan.com: https://wpscan.com/vulnerability/2e2fb815-7cca-4e6c-b466-179337fe99ee
Credits
Jerome Bruandet