CVE-2024-10567

Name of the Vulnerable Software and Affected Versions TI WooCommerce Wishlist plugin for WordPress versions prior to 2.9.2

Description The issue concerns a missing capability check in the wizard function, allowing unauthenticated attackers to create new pages, modify plugin settings, and perform limited options updates. This enables unauthorized modification of data.

Recommendations For versions up to and including 2.9.1, update to version 2.9.2 or later to resolve the issue. As a temporary workaround, consider disabling the wizard function until a patch is available. Restrict access to the plugin's settings and options to minimize the risk of exploitation.