HTML Injection Vulnerability in TI WooCommerce Wishlist Plugin for WordPress
CVE-2025-9207
5.3 MEDIUM
What is CVE-2025-9207?
The TI WooCommerce Wishlist plugin for WordPress allows unauthenticated attackers to exploit an HTML Injection vulnerability present in all versions up to and including 2.10.0. This issue arises from the plugin's failure to properly validate and sanitize input from hidden fields, enabling malicious users to inject arbitrary HTML code into wishlist items. As a result, potential security risks such as cross-site scripting (XSS) can occur, compromising the integrity of the application and the safety of its users.

Affected Version(s)
TI WooCommerce Wishlist * <= 2.10.0
References
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Pim Schaaf