cleantalk
Vulnerabilities and Security Researches

TI WooCommerce Wishlist, CVE-2025-9207

CVE, Research URL

CVE-2025-9207

Home page URL

Security reports for TI WooCommerce Wishlist

Application

TI WooCommerce Wishlist

Published on
Dec 13, 2025
Research Description
The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.10.0. This is due to the plugin accepting hidden fields and not limiting the values or data that can input and is later output. This makes it possible for unauthenticated attackers to inject arbitrary HTML into wishlist items.
Affected versions
max 2.11.0.
Status
vulnerable
Previous vulnerability researches
TI WooCommerce Wishlist (CVE-2025-32920) , May 20, 2025
TI WooCommerce Wishlist (CVE-2025-47577) , May 20, 2025
TI WooCommerce Wishlist (CVE-2025-67929) , Jan 08, 2026
TI WooCommerce Wishlist (CVE-2025-9207) , Apr 23, 2026
TI WooCommerce Wishlist (CVE-2023-33999) , Jun 14, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar – Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026