Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin

May 29, 2025

Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files.
TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to allow e-commerce site customers to save their favorite products for later and share the lists on social

Source: Read More

Previous ArticleChinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations

Next Article Smashing Security podcast #419: Star Wars, the CIA, and a WhatsApp malware mirage

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

SteelSeries reveals new Arctis Nova 3 Wireless headset series for Xbox, PlayStation, Nintendo Switch, and PC

The Witcher 4 looks absolutely amazing in UE5 technical presentation at State of Unreal 2025

Razer’s having another go at making it so you never have to charge your wireless gaming mouse, and this time it might have nailed it

Alienware’s rumored laptop could be the first to feature NVIDIA’s revolutionary Arm-based APU

easy-live2d – About Make your Live2D as easy to control as a pixi sprite! Live2D Web SDK based on Pixi.js.

easy-live2d – About Make your Live2D as easy to control as a pixi sprite! Live2D Web SDK based on Pixi.js.

From Kitchen To Conversion

Perficient Included in Forrester’s AI Technical Services Landscape, Q2 2025

SteelSeries reveals new Arctis Nova 3 Wireless headset series for Xbox, PlayStation, Nintendo Switch, and PC

SteelSeries reveals new Arctis Nova 3 Wireless headset series for Xbox, PlayStation, Nintendo Switch, and PC

The Witcher 4 looks absolutely amazing in UE5 technical presentation at State of Unreal 2025

Razer’s having another go at making it so you never have to charge your wireless gaming mouse, and this time it might have nailed it

Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin

Alert: Malicious RubyGems Impersonate Fastlane Plugins, Steal CI/CD Data

Critical CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

Ransomware Attack Hits Union County, Exposing Residents’ Personal Data

CVE-2025-4288 – PCMan FTP Server RNFR Command Handler Buffer Overflow Vulnerability

8 simple ways Mac users can better protect their privacy

Linus Torvalds built Git in 10 days – and never imagined it would last 20 years

Duo Charged with Operating $430 Million Dark Web Marketplace

The Best Practices for Managing Your Client’s WordPress Sites

Microsoft Tackles 9 Zero-Day Exploits in August 2024 Patch Tuesday Update

How to Handle a Compromised WordPress Plugin

Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin

Related Posts