WordPress Plugin Vulnerabilities

TI WooCommerce Wishlist < 2.10.0 - Unauthenticated Arbitrary File Upload

Description

The plugin is vulnerable to arbitrary file uploads due to missing file type validation. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affects Plugins

Plugin icon
ti-woocommerce-wishlist
Fixed in 2.10.0

References

CVE
CVE-2025-47577
URL
https://patchstack.com/database/wordpress/plugin/ti-woocommerce-wishlist/vulnerability/wordpress-ti-woocommerce-wishlist-2-9-2-arbitrary-file-upload-vulnerability

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
4a919840-6d2a-4dff-931e-4a0ee31a5424

Timeline

Publicly Published
2025-05-16 (about 1 year ago)
Added
2025-05-21 (about 1 year ago)
Last Updated
2026-06-03 (about 24 days ago)

Other

Published
Title
Published
2024-11-08
Title
WordPress User Extra Fields < 16.6 - Unauthenticated Arbitrary File Upload
Published
2025-08-13
Title
Forms < 3.0.0 - Authenticated (Contributor+) Arbitrary File Upload
Published
2024-11-27
Title
File Manager Pro – Filester < 1.8.7- Authenticated (Subscriber+) Arbitrary File Upload
Published
2025-07-11
Title
WPBookit < 1.0.5 - Unauthenticated Arbitrary File Upload
Published
2025-06-23
Title
Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit < 2.5.1 - Authenticated (Subscriber+) Arbitrary File Upload