WordPress TI WooCommerce Wishlist plugin <= 1.21.11 - Authenticated WP Options Change vulnerability

Back

Product: TI WooCommerce Wishlist
Description: Authenticated WP Options Change vulnerability found by Jerome Bruandet (NinTechNet) in WordPress TI WooCommerce Wishlist plugin (versions <= 1.21.11).
Solution: Update the WordPress TI WooCommerce Wishlist plugin to the latest available version (at least 1.21.12).
Classification: Type Unknown
OWASP Top 10 A7: Missing Function Level Access Control
References: Vulnerability details
Plugin changelog
CVE: Name CVE-N/A
Versions: Affected In <= 1.21.11
Fixed In 1.21.12
Disclosure date: 2020-10-16
Credits: Jerome Bruandet (NinTechNet)

ThreatPress