- A flaw in the WooCommerce wishlist plugin lets threat actors upload arbitrary files
- Because the uploaded files can be malicious, they can be used to fully take over a website
- A patch has not yet been released, so users must be careful
A critical-severity vulnerability in a popular WordPress plugin may have exposed hundreds of thousands of websites to a range of risks, including full site takeover.
Security researchers at Patchstack have reported that TI WooCommerce Wishlist contained an arbitrary file upload flaw, which allowed attackers to upload files to the underlying server without authentication.
The vulnerability is now tracked as CVE-2025-47577 and carries a severity score of 10/10 (critical).
The TI WooCommerce Wishlist plugin is an extension for WooCommerce stores that lets users create and manage wishlists, saving and sharing their favorite products.
Alongside social sharing options, the plugin ships with Ajax-based functionality, multiple-wishlist support in the premium version, e-mail reports and more.
According to The Hacker News, it has more than 100,000 active installations, so the potential attack surface is considerable. To make matters worse, these are e-commerce sites where visitors typically spend money, which further aggravates the risk.
At press time the latest version of the plugin, 2.9.2, had last been updated six months ago. Since no patch has been released, users concerned about an attack are advised to disable and remove the plugin until a fix is available.
The silver lining is that successful exploitation is only possible on websites that also have the WC Fields Factory plugin installed and active, with the integration enabled in TI WooCommerce Wishlist.
WC Fields Factory is a free WooCommerce plugin that lets retailers add custom fields to product pages, variations, checkout and the WordPress admin interface.
It supports various field types such as text, number, e-mail, date picker and more. The plugin provides dynamic price adjustments based on field input, field visibility rules and role-based access controls, and it offers a drag-and-drop form designer.
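A site owner's first question is whether a given install meets the exposure conditions described above (wishlist plugin at or below 2.9.2, WC Fields Factory active). The triage script below is an added example, not code from the article or from either plugin; it reads the inventory printed by `wp plugin list --format=json`, and the plugin slugs `ti-woocommerce-wishlist` and `wc-fields-factory` are assumptions. The integration toggle is a plugin setting that the inventory cannot show, so an "exposed" verdict still needs that checked by hand.

```python
import json
import sys

# Assumed wordpress.org slugs (not stated in the article).
WISHLIST = "ti-woocommerce-wishlist"
FIELDS_FACTORY = "wc-fields-factory"
# Latest release at press time; the article says no fixed version exists yet.
LAST_KNOWN_VERSION = (2, 9, 2)

# Constructed sample inventory in `wp plugin list --format=json` shape.
SAMPLE_PLUGINS = [
    {"name": "woocommerce", "status": "active", "version": "9.8.1"},
    {"name": WISHLIST, "status": "active", "version": "2.9.2"},
    {"name": FIELDS_FACTORY, "status": "active", "version": "4.1.8"},
]


def parse_version(text):
    """'2.9.2' -> (2, 9, 2); non-numeric suffixes such as '-beta' are ignored."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def assess(plugins):
    """Return (exposed, findings) for a list of {name, status, version} dicts.
    exposed is True only when every inventory-visible precondition is met."""
    by_name = {p["name"]: p for p in plugins}
    wishlist = by_name.get(WISHLIST)
    factory = by_name.get(FIELDS_FACTORY)
    if wishlist is None:
        return False, ["TI WooCommerce Wishlist not installed"]
    findings = []
    if wishlist.get("status") != "active":
        findings.append("wishlist plugin installed but not active")
    if parse_version(wishlist.get("version", "0")) > LAST_KNOWN_VERSION:
        findings.append("wishlist newer than 2.9.2; compare against the vendor advisory")
    if factory is None or factory.get("status") != "active":
        findings.append("WC Fields Factory absent or inactive; exploitation precondition not met")
    if findings:
        return False, findings
    return True, ["both plugins active and no fix available: disable/remove the wishlist plugin"]


if __name__ == "__main__":
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    plugins = json.loads(raw) if raw.strip() else SAMPLE_PLUGINS
    exposed, findings = assess(plugins)
    print("EXPOSED" if exposed else "not exposed")
    for line in findings:
        print(" -", line)
```

Pipe a live inventory in with `wp plugin list --format=json | python3 check.py`; with no input it evaluates the constructed sample.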