CVE-2025-67929
- EPSS 0.02%
- Published 16.12.2025 08:12:57
- Last modified 20.01.2026 15:19:32
Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TI WooCommerce Wishlist: from n/a through <= 2.10.0.
CVE-2025-9207
- EPSS 0.14%
- Published 13.12.2025 07:21:04
- Last modified 15.12.2025 18:22:13
The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.10.0. This is due to the plugin accepting hidden fields and not limiting the values or data that can be input and is later output. T...
CVE-2025-58247
- EPSS 0.04%
- Published 22.09.2025 18:23:31
- Last modified 22.09.2025 21:22:16
Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TI WooCommerce Wishlist: from n/a through 2.10.0.
- EPSS 0.19%
- Published 19.05.2025 18:15:02
- Last modified 05.06.2025 09:15:22
Unrestricted Upload of File with Dangerous Type vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Upload a Web Shell to a Web Server. This issue affects TI WooCommerce Wishlist: from n/a before 2.10.0.
CVE-2025-32920
- EPSS 0.05%
- Published 19.05.2025 16:05:49
- Last modified 17.06.2025 10:15:22
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Stored XSS. This issue affects TI WooCommerce Wishlist: from n/a through 2.10.0.
CVE-2024-10567
- EPSS 0.3%
- Published 04.12.2024 09:15:04
- Last modified 04.12.2024 09:15:04
The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated att...
CVE-2024-9156
- EPSS 0.63%
- Published 10.10.2024 06:15:11
- Last modified 15.10.2024 14:40:45
The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenti...
CVE-2024-43917
- EPSS 89.48%
- Published 29.08.2024 15:15:28
- Last modified 19.09.2024 21:46:19
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection. This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2.
CVE-2020-36725
- EPSS 0.54%
- Published 07.06.2023 02:15:12
- Last modified 21.11.2024 05:30:10
The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the 'ti-woocommerce-wishlist/includes/export.class.php' file....
CVE-2022-0412
- EPSS 85.86%
- Published 28.02.2022 09:15:09
- Last modified 21.11.2024 06:38:34
The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, ...