CVE-2020-36725

HIGH EXPLOITED

TI WooCommerce Wishlist/TI WooCommerce Wishlist Pro <1.21.11/1.21.4...

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2020-36725 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the 'ti-woocommerce-wishlist/includes/export.class.php' file. This makes it possible for authenticated attackers to gain otherwise restricted access to the vulnerable blog and update any settings.

Scores

CVSS v3 8.8
EPSS 0.0115
EPSS Percentile 62.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

VulnCheck KEV 2020-10-16
CWE
CWE-862
Status published
Products (4)
templateinvaders/TI WooCommerce Wishlist < 1.21.11
TemplateInvaders/TI WooCommerce Wishlist Pro < 1.21.4
templateinvaders/ti_woocommerce_wishlist < 1.21.12
templateinvaders/ti_woocommerce_wishlist < 1.21.5
Published Jun 07, 2023
Tracked Since Feb 18, 2026