Vulnerability Description
The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the 'ti-woocommerce-wishlist/includes/export.class.php' file. This makes it possible for authenticated attackers to gain otherwise restricted access to the vulnerable blog and update any settings.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Templateinvaders | Ti Woocommerce Wishlist | < 1.21.5 |
Related Weaknesses (CWE)
References
- https://blog.nintechnet.com/critical-zero-day-vulnerability-fixed-in-wordpress-tExploitThird Party Advisory
- https://templateinvaders.com/changelogs/ti-woocommerce-wishlist-plugin-changelogRelease Notes
- https://wpscan.com/vulnerability/2e2fb815-7cca-4e6c-b466-179337fe99eeThird Party Advisory
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d60b5741-5496-4e87-bcbThird Party Advisory
- https://blog.nintechnet.com/critical-zero-day-vulnerability-fixed-in-wordpress-tExploitThird Party Advisory
- https://templateinvaders.com/changelogs/ti-woocommerce-wishlist-plugin-changelogRelease Notes
- https://wpscan.com/vulnerability/2e2fb815-7cca-4e6c-b466-179337fe99eeThird Party Advisory
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d60b5741-5496-4e87-bcbThird Party Advisory
FAQ
What is CVE-2020-36725?
CVE-2020-36725 is a vulnerability with a CVSS score of 8.8 (HIGH). The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the 'ti-woo...
How severe is CVE-2020-36725?
CVE-2020-36725 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-36725?
Check the references section above for vendor advisories and patch information. Affected products include: Templateinvaders Ti Woocommerce Wishlist.