PT-2025-51094 · WordPress · Ti Woocommerce Wishlist
Pim Schaaf
·
Published
2025-12-13
·
Updated
2025-12-13
·
CVE-2025-9207
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
TI WooCommerce Wishlist plugin for WordPress versions prior to 2.10.1
Description
The TI WooCommerce Wishlist plugin for WordPress is susceptible to HTML Injection due to the plugin accepting hidden fields and failing to limit input data. This allows unauthenticated attackers to inject arbitrary HTML into wishlist items.
Recommendations
Update the TI WooCommerce Wishlist plugin to version 2.10.1 or later.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ti Woocommerce Wishlist