PT-2023-11867 · Unknown · Ti Woocommerce Wishlist

Jerome Bruandet · Published 2023-06-07 · Updated 2023-06-16 · CVE-2020-36725

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TI WooCommerce Wishlist versions up to 1.21.11
TI WooCommerce Wishlist Pro versions up to 1.21.4

Description

The issue allows authenticated attackers to gain restricted access to the vulnerable blog and update any settings due to an Options Change vulnerability. This is possible via the 'ti-woocommerce-wishlist/includes/export.class.php' file.

Recommendations

For TI WooCommerce Wishlist versions up to 1.21.11, update to a version later than 1.21.11 to resolve the issue. For TI WooCommerce Wishlist Pro versions up to 1.21.4, update to a version later than 1.21.4 to resolve the issue. As a temporary workaround, consider restricting access to the export.class.php file until a patch is available.

Exploit

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2020-36725

Affected Products

Ti Woocommerce Wishlist