CVE-2025-67929
Description
Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.10.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in TI WooCommerce Wishlist plugin allows unauthenticated users to exploit incorrectly configured access control, affecting versions up to 2.10.0.
The vulnerability is a missing authorization check in the TI WooCommerce Wishlist plugin for WordPress. The plugin fails to properly verify user permissions on certain functions, allowing unauthorized access to functionality that should require higher privileges. This is classified as a broken access control issue [1].
Exploitation does not require authentication; an attacker can send crafted requests to the vulnerable endpoint. The attack surface is the plugin's wishlist features, accessible via HTTP requests. No special network position is needed.
An unauthenticated attacker can exploit this to perform actions reserved for authenticated users, such as modifying wishlists or accessing sensitive data. This could lead to unauthorized data exposure or manipulation.
Update to version 2.11.0 or later to resolve the issue. According to the advisory [1], the severity is low and exploitation unlikely, but immediate updating is recommended.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.