cleantalk
Vulnerabilities and Security Researches

TI WooCommerce Wishlist, CVE-2024-10567

CVE, Research URL

CVE-2024-10567

Home page URL

Security reports for TI WooCommerce Wishlist

Application

TI WooCommerce Wishlist

Published on
Dec 04, 2024
Research Description
The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attackers to create new pages, modify plugin settings, and perform limited options updates.
Affected versions
Min -, max 2.9.2.
Status
vulnerable
Previous vulnerability researches
TI WooCommerce Wishlist (CVE-2025-32920) , May 20, 2025
TI WooCommerce Wishlist (CVE-2025-47577) , May 20, 2025
TI WooCommerce Wishlist (CVE-2024-10567) , Dec 05, 2024
TI WooCommerce Wishlist (CVE-2024-43917) , Aug 25, 2024
TI WooCommerce Wishlist (CVE-2024-9156) , Oct 11, 2024
New vulnerability
WordPress Gallery Plugin – NextGEN Gallery (CVE-2024-5878) , May 21, 2025
Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin (CVE-2025-48247) , May 21, 2025
Qi Blocks (CVE-2025-1626) , May 21, 2025
Qi Blocks (CVE-2025-1625) , May 21, 2025
Qi Blocks (CVE-2025-1627) , May 21, 2025