High severity8.8NVD Advisory· Published Jun 7, 2023· Updated Apr 8, 2026

CVE-2020-36725

Description

The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the 'ti-woocommerce-wishlist/includes/export.class.php' file. This makes it possible for authenticated attackers to gain otherwise restricted access to the vulnerable blog and update any settings.

Affected products

Templateinvaders/Ti Woocommerce Wishlist2 versions
cpe:2.3:a:templateinvaders:ti_woocommerce_wishlist:*:*:*:*:pro:wordpress:*:*+ 1 more
- cpe:2.3:a:templateinvaders:ti_woocommerce_wishlist:*:*:*:*:pro:wordpress:*:*range: <1.21.5
- cpe:2.3:a:templateinvaders:ti_woocommerce_wishlist:*:*:*:*:free:wordpress:*:*range: <1.21.12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.nintechnet.com/critical-zero-day-vulnerability-fixed-in-wordpress-ti-woocommerce-wishlist-plugin/nvdExploitThird Party Advisory
wpscan.com/vulnerability/2e2fb815-7cca-4e6c-b466-179337fe99eenvdThird Party Advisory
www.wordfence.com/threat-intel/vulnerabilities/id/d60b5741-5496-4e87-bcb0-adaa0db07d90nvdThird Party Advisory
templateinvaders.com/changelogs/ti-woocommerce-wishlist-plugin-changelog/nvdRelease Notes

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000