Pim Schaaf

**Name of the Vulnerable Software and Affected Versions** TI WooCommerce Wishlist plugin for WordPress versions prior to 2.10.1 **Description** The TI WooCommerce Wishlist plugin for WordPress is susceptible to HTML Injection due to the plugin accepting hidden fields and failing to limit input data. This allows unauthenticated attackers to inject arbitrary HTML into wishlist items. **Recommendations** Update the TI WooCommerce Wishlist plugin to version 2.10.1 or later.