10
CVE-2025-47577
- EPSS 4.91%
- Veröffentlicht 19.05.2025 18:15:02
- Zuletzt bearbeitet 23.04.2026 15:30:31
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
WordPress TI WooCommerce Wishlist plugin <= 2.9.2 - Arbitrary File Upload Vulnerability
TI WooCommerce Wishlist <= 2.9.2 - Unauthenticated Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.9.2.
Mögliche Gegenmaßnahme
TI WooCommerce Wishlist: Update to version 2.10.0, or a newer patched version
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellertemplateinvaders
≫
Produkt
TI WooCommerce Wishlist
Default Statusunaffected
Version <=
2.9.2
Version
0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
TI WooCommerce Wishlist
Version
*-2.9.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.91% | 0.91 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| audit@patchstack.com | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://patchstack.com/database/Wordpress/Plugin/ti-woocommerce-wishlist/vulnerability/wordpress-ti-woocommerce-wishlist-2-9-2-arbitrary-file-upload-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/1789b78a-4733-40b9-b28f-f63aeb4c0f0b