A critical-severity vulnerability in the TI WooCommerce Wishlist WordPress plugin could expose over 100,000 websites to risks, including complete website takeover.
The flaw allows threat actors to upload arbitrary files to the server without authentication, and it carries a severity score of 10/10.
The vulnerability is tracked as CVE-2025-47577. As of now, a patch has not been released, and users are advised to disable or remove the plugin until a fix is available.
Exploitation is only possible on websites that also use the WC Fields Factory plugin with the integration enabled on the TI WooCommerce Wishlist plugin, which adds a further requirement for a successful attack.