Vulnerabilities and security researches forti-woocommerce-wishlist ti-woocommerce-wishlist

Direction: ascending

Jun 06, 2024

TI WooCommerce Wishlist # CVE-2020-36725

CVE, Research URL: CVE-2020-36725
Home page URL: Security reports for TI WooCommerce Wishlist
Application: TI WooCommerce Wishlist
Date: Jun 07, 2023
Research Description: The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the 'ti-woocommerce-wishlist/includes/export.class.php' file. This makes it possible for authenticated attackers to gain otherwise restricted access to the vulnerable blog and update any settings.
Affected versions: max 1.21.12.
Status: vulnerable

TI WooCommerce Wishlist # CVE-2022-0412

CVE, Research URL: CVE-2022-0412
Home page URL: Security reports for TI WooCommerce Wishlist
Application: TI WooCommerce Wishlist
Date: Feb 28, 2022
Research Description: The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks
Affected versions: max 1.40.1.
Status: vulnerable

Aug 25, 2024

TI WooCommerce Wishlist # CVE-2024-43917

CVE, Research URL: CVE-2024-43917
Home page URL: Security reports for TI WooCommerce Wishlist
Application: TI WooCommerce Wishlist
Date: Aug 29, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2.
Affected versions: max 2.9.0.
Status: vulnerable

Oct 11, 2024

TI WooCommerce Wishlist # CVE-2024-9156

CVE, Research URL: CVE-2024-9156
Home page URL: Security reports for TI WooCommerce Wishlist
Application: TI WooCommerce Wishlist
Date: Oct 10, 2024
Research Description: The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 2.9.1.
Status: vulnerable

Dec 05, 2024

TI WooCommerce Wishlist # CVE-2024-10567

CVE, Research URL: CVE-2024-10567
Home page URL: Security reports for TI WooCommerce Wishlist
Application: TI WooCommerce Wishlist
Date: Dec 04, 2024
Research Description: The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attackers to create new pages, modify plugin settings, and perform limited options updates.
Affected versions: max 2.9.2.
Status: vulnerable

May 20, 2025

TI WooCommerce Wishlist # CVE-2025-32920

CVE, Research URL: CVE-2025-32920
Home page URL: Security reports for TI WooCommerce Wishlist
Application: TI WooCommerce Wishlist
Date: May 19, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Stored XSS.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.10.0.
Affected versions: max 2.11.0.
Status: vulnerable

TI WooCommerce Wishlist # CVE-2025-47577

CVE, Research URL: CVE-2025-47577
Home page URL: Security reports for TI WooCommerce Wishlist
Application: TI WooCommerce Wishlist
Date: May 20, 2025
Research Description: Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.9.2.
Affected versions: max 2.10.0.
Status: vulnerable

Jan 08, 2026

TI WooCommerce Wishlist # CVE-2025-67929

CVE, Research URL: CVE-2025-67929
Home page URL: Security reports for TI WooCommerce Wishlist
Application: TI WooCommerce Wishlist
Date: Dec 16, 2025
Research Description: Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.10.0.
Affected versions: max 2.11.0.
Status: vulnerable

Apr 23, 2026

TI WooCommerce Wishlist # CVE-2025-58247

CVE, Research URL: CVE-2025-58247
Home page URL: Security reports for TI WooCommerce Wishlist
Application: TI WooCommerce Wishlist
Date: Sep 23, 2025
Research Description: Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.10.0.
Affected versions: max 2.11.0.
Status: vulnerable

TI WooCommerce Wishlist # CVE-2025-9207

CVE, Research URL: CVE-2025-9207
Home page URL: Security reports for TI WooCommerce Wishlist
Application: TI WooCommerce Wishlist
Date: Dec 13, 2025
Research Description: The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.10.0. This is due to the plugin accepting hidden fields and not limiting the values or data that can input and is later output. This makes it possible for unauthenticated attackers to inject arbitrary HTML into wishlist items.
Affected versions: max 2.11.0.
Status: vulnerable

Jun 14, 2026

TI WooCommerce Wishlist # CVE-2023-33999

CVE, Research URL: CVE-2023-33999
Home page URL: Security reports for TI WooCommerce Wishlist
Application: TI WooCommerce Wishlist
Date: Jun 11, 2026
Research Description: Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPVibes WP Mail Log allows DOM-Based XSS. This issue affects WP Mail Log: from n/a through 1.0.2.
Affected versions: max 1.7.0.
Status: vulnerable

Jun 16, 2026

TI WooCommerce Wishlist # 70003bb7c9834477949022e2ca39f55d28f6857c

CVE, Research URL: 70003bb7c9834477949022e2ca39f55d28f6857c
Home page URL: Security reports for TI WooCommerce Wishlist
Application: TI WooCommerce Wishlist
Date: Oct 16, 2020
Research Description: TI WooCommerce Wishlist [ti-woocommerce-wishlist] < 1.21.12 WordPress TI WooCommerce Wishlist plugin <= 1.21.11 - Authenticated WP Options Change vulnerability Authenticated WP Options Change vulnerability found by Jerome Bruandet (NinTechNet) in WordPress TI WooCommerce Wishlist plugin (versions <= 1.21.11).
Affected versions: max 1.21.12.
Status: vulnerable

TI WooCommerce Wishlist # d7de709d97440a25a7f27c416f2baddad8a6aeb5

CVE, Research URL: d7de709d97440a25a7f27c416f2baddad8a6aeb5
Home page URL: Security reports for TI WooCommerce Wishlist
Application: TI WooCommerce Wishlist
Date: Oct 16, 2020
Research Description: TI WooCommerce Wishlist [ti-woocommerce-wishlist] < 1.21.12 TI WooCommerce Wishlist <= 1.21.11 and TI WooCommerce Wishlist Pro <= 1.21.4 - Arbitrary Options Update The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the 'ti-woocommerce-wishlist/includes/export.class.php' file. This makes it possible for authenticated attackers to gain otherwise restricted access to the vulnerable blog and update any settings.
Affected versions: max 1.21.12.
Status: vulnerable

TI WooCommerce Wishlist # 36a05bf01804a47fe2e3759b129a8e68e07b42a9

CVE, Research URL: 36a05bf01804a47fe2e3759b129a8e68e07b42a9
Home page URL: Security reports for TI WooCommerce Wishlist
Application: TI WooCommerce Wishlist
Date: Jul 31, 2023
Research Description: TI WooCommerce Wishlist [ti-woocommerce-wishlist] < 2.7.4 TI WooCommerce Wishlist <= 2.7.3 - Unauthenticated Blind SQL Injection via Rest API The TI WooCommerce Wishlistplugin for WordPress is vulnerable to blind SQL Injection via the user_id parameter in versions up to, and including, 2.7.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 2.7.4.
Status: vulnerable

TI WooCommerce Wishlist # 9b060ac83719c1d1525bdff158a2c3d7f2417d2e

CVE, Research URL: 9b060ac83719c1d1525bdff158a2c3d7f2417d2e
Home page URL: Security reports for TI WooCommerce Wishlist
Application: TI WooCommerce Wishlist
Date: Jul 31, 2023
Research Description: TI WooCommerce Wishlist [ti-woocommerce-wishlist] < 2.7.4 WordPress TI WooCommerce Wishlist Plugin < 2.7.4 is vulnerable to SQL Injection Update the WordPress TI WooCommerce Wishlist plugin to the latest available version (at least 2.7.4). WordFence discovered and reported this SQL Injection vulnerability in WordPress TI WooCommerce Wishlist Plugin. This could allow a malicious actor to directly interact with your database, including but not limited to stealing information. This vulnerability has been fixed in version 2.7.4.
Affected versions: max 2.7.4.
Status: vulnerable

TI WooCommerce Wishlist # 2e2fb815-7cca-4e6c-b466-179337fe99ee

CVE, Research URL: 2e2fb815-7cca-4e6c-b466-179337fe99ee
Home page URL: Security reports for TI WooCommerce Wishlist
Application: TI WooCommerce Wishlist
Date: -
Research Description: TI WooCommerce Wishlist [ti-woocommerce-wishlist] < 1.21.12 TI WooCommerce Wishlist - Authenticated WP Options Change The TI WooCommerce Wishlist WordPress plugins (free and Pro) were found to be affected by an Authenticated WP Options Change security vulnerability. The vulnerability could allow an authenticated attacker to compromise a WordPress website it was installed on and its database.
Affected versions: max 1.21.12.
Status: vulnerable