High severity8.8NVD Advisory· Published Jun 7, 2023· Updated Apr 8, 2026
CVE-2020-36725
CVE-2020-36725
Description
The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the 'ti-woocommerce-wishlist/includes/export.class.php' file. This makes it possible for authenticated attackers to gain otherwise restricted access to the vulnerable blog and update any settings.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:templateinvaders:ti_woocommerce_wishlist:*:*:*:*:free:wordpress:*:*+ 1 more
- cpe:2.3:a:templateinvaders:ti_woocommerce_wishlist:*:*:*:*:free:wordpress:*:*range: <1.21.12
- cpe:2.3:a:templateinvaders:ti_woocommerce_wishlist:*:*:*:*:pro:wordpress:*:*range: <1.21.5
- Range: <=1.21.11
Patches
Vulnerability mechanics
References
4- blog.nintechnet.com/critical-zero-day-vulnerability-fixed-in-wordpress-ti-woocommerce-wishlist-plugin/nvdExploitThird Party Advisory
- wpscan.com/vulnerability/2e2fb815-7cca-4e6c-b466-179337fe99eenvdThird Party Advisory
- www.wordfence.com/threat-intel/vulnerabilities/id/d60b5741-5496-4e87-bcb0-adaa0db07d90nvdThird Party Advisory
- templateinvaders.com/changelogs/ti-woocommerce-wishlist-plugin-changelog/nvdRelease Notes
News mentions
0No linked articles in our index yet.