TemplateInvaders TI WooCommerce Wishlist Vulnerability

CRITICAL (10.0) No Patch (209 days)

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 0.12% chance of exploitation (percentile: 32%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: GitHub PoC


What is it?

TemplateInvaders TI WooCommerce Wishlist is a WordPress plugin used to manage wishlists. This vulnerability allows attackers to upload a web shell to the server by exploiting an unrestricted file upload feature in the template editor. If you use this plugin, you're at risk of having your server compromised remotely.

Am I affected?

You're affected if you use the TI WooCommerce Wishlist plugin, which has an Unrestricted Upload of File with Dangerous Type vulnerability. Affected versions: 2.10.0. If you don't recognise this software, you're probably not affected.

Affected Products

DynamiApps / TI WooCommerce Wishlist

How to fix

To fix this vulnerability, upgrade to TI WooCommerce Wishlist version 2.10.0 or later. If an immediate upgrade isn't possible:
- Restrict network access to your WordPress installation (firewall it from the public internet)
- Audit plugin activity for suspicious file uploads
