CVE-2025-47577
Published May 19, 2025
Last updated 10 days ago
AI description
CVE-2025-47577 is an unrestricted file upload vulnerability found in the TemplateInvaders TI WooCommerce Wishlist plugin for WordPress, affecting versions up to 2.9.2. This vulnerability allows attackers to upload arbitrary files, including web shells, to the web server. Successful exploitation of this vulnerability could lead to remote code execution and potentially complete server compromise, allowing attackers to gain unauthorized system access, steal data, modify website content, or compromise the entire web infrastructure. The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type).
- Description
- Unrestricted Upload of File with Dangerous Type vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a through 2.9.2.
- Source
- audit@patchstack.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- audit@patchstack.com
- CWE-434
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
24
اگر در وب سایت wordpress شما پلاگینی با نام TI WooCommerce وجود دارد ، همین الان آن را غیر فعال یا حذف کنید. به تازگی برای این پلاگین Wordpress آسیب پذیری با کد شناسایی CVE-2025
@AmirHossein_sec
30 May 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ Vulnerabilidad crítica en complemento de WordPress ❗CVE-2025-47577 ➡️Más info: https://t.co/yRZF5yOwlL https://t.co/Y46Cxnw7KQ
@CERTpy
30 May 2025
145 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Más de 100.000 sitios de WordPress en riesgo por una vulnerabilidad crítica en el plugin Wishlist TI WooCommerce Wishlist CVE-2025-47577 CVSS 10.0 https://t.co/SAriAxfhUb https://t.co/FpRXq3Tron
@elhackernet
30 May 2025
6069 Impressions
34 Retweets
79 Likes
20 Bookmarks
0 Replies
0 Quotes
🚨Hackers🚨 Don’t miss the CRITICAL file upload vulnerability in a WooCommerce plugin: CVE-2025-47577! ⚠️ This vulnerability is UNPATCHED! Act fast to check if it’s on your targets 🔥 FOFA query: body="/wp-content/plugins/ti-woocommerce-wishlist" https://t.co/rKbgs6
@chux13786509
30 May 2025
4341 Impressions
8 Retweets
90 Likes
58 Bookmarks
1 Reply
1 Quote
10万以上のWordPressサイトがワーキングプラグインの脆弱性(CVSS 10.0)により危機に瀕するCVE-2025-47577 https://t.co/Gf66EA21WH #Security #セキュリティ #ニュース
@SecureShield_
30 May 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-47577: Critical File Upload Vulnerability Found in Wishlist WordPress Plugin #WordPress #CVE202547577 #CyberSecurity #WooCommerce #PluginVulnerability #WebsiteSecurity #RCE #PatchNow #InfoSec #WPPlugins https://t.co/g7kvpAcIUu
@cyashadotcom
29 May 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-47577 Zero Day affecting the Wishlist Wordpress Plugin (CVSS 10) This is an arbitrary file upload vulnerability allowing attackers to upload malicious files to the server without authentication and could potentially lead to complete server compromise. There are h
@rxerium
29 May 2025
184 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨CVE-2025-47577 : Unrestricted Upload of File with Dangerous Type vulnerability in TemplateInvaders TI WooCommerce Wishlist 📊 81.5K+Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/qKwadUASBp 👇Query HUNTER : https://t.co/neE
@HunterMapping
29 May 2025
3769 Impressions
22 Retweets
69 Likes
30 Bookmarks
1 Reply
0 Quotes
WordPressの「TI WooCommerce Wishlist」プラグインに深刻な脆弱性(CVE-2025-47577)が発見され、10万以上のサイトが影響を受ける可能性がある。現在、修正パッチは提供されておらず、ユーザーはプラグインの無効化ま
@01ra66it
29 May 2025
268 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
#WordPress TI #WooCommerce Wishlist Plugin Vulnerability CVE-2025-47577 (unauthenticated unrestricted file upload) Exposes 100,000+ Websites To Cyberattack: 👇 https://t.co/m6mVNGEi8K
@securestep9
29 May 2025
97 Impressions
0 Retweets
1 Like
2 Bookmarks
0 Replies
0 Quotes
🚨 0-day Alert: Unpatched flaw threatens 100K+ WordPress sites A critical vulnerability (CVE-2025-47577, CVSS 10.0) in TI WooCommerce Wishlist lets unauthenticated attackers upload malicious files. 🔗 Full details → https://t.co/peFanN6CFD
@TheHackersNews
29 May 2025
10433 Impressions
40 Retweets
71 Likes
19 Bookmarks
2 Replies
0 Quotes
⚡️The vulnerability details are now available: https://t.co/PiqGSEL9Hi 🚨🚨CVE-2025-47577 (CVSS: 10): WordPress TI WooCommerce Wishlist - Unauthenticated attackers can upload malicious files to servers via an arbitrary file upload flaw. ZoomEye Dork👉app="WordPress W
@zoomeye_team
28 May 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: Critical WordPress TI WooCommerce Wishlist Unauthenticated Arbitrary File Upload Vulnerability🚨 Vulnerability Details: CVE-2025-47577 (CVSS 10/10) WordPress TI WooCommerce Wishlist Arbitrary File Upload Vulnerability Impact: A successful exploit may allows ht
@CyberxtronTech
28 May 2025
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: Critical WordPress TI WooCommerce Wishlist Unauthenticated Arbitrary File Upload Vulnerability🚨 Vulnerability Details: CVE-2025-47577 (CVSS 10/10) WordPress TI WooCommerce Wishlist Arbitrary File Upload Vulnerability Impact: A successful exploit may allows ht
@CyberxtronTech
28 May 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: Critical WordPress TI WooCommerce Wishlist Unauthenticated Arbitrary File Upload Vulnerability🚨 Vulnerability Details: CVE-2025-47577 (CVSS 10/10) WordPress TI WooCommerce Wishlist Arbitrary File Upload Vulnerability Impact: A successful exploit may allows ht
@CyberxtronTech
28 May 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-47577: Unrestricted Upload of Files in TI WooCommerce Wishlist, 10.0 rating 🔥🔥🔥 Failure to check the types of uploaded files allows attackers to perform RCE. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/08cql2N3is #cybersecurity #vulnerability_m
@Netlas_io
28 May 2025
264 Impressions
1 Retweet
1 Like
3 Bookmarks
0 Replies
0 Quotes
WordPressで10万以上のアクティブ導入がある「TI WooCommerce Wishlist」プラグインに、深刻な未認証ファイルアップロードの脆弱性(CVE-2025-47577)が発見された。 PHPファイルなどの任意ファイルがアップロード可能と
@yousukezan
27 May 2025
2351 Impressions
2 Retweets
12 Likes
3 Bookmarks
0 Replies
0 Quotes
CVE-2025-47577 Unrestricted Upload of File with Dangerous Type vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Upload a Web Shell to a Web Server.This issue affects… https://t.co/Y6M6womEKB
@CVEnew
19 May 2025
370 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-47577: CRITICAL] Beware of the Unrestricted File Upload vulnerability in TI WooCommerce Wishlist plugin version n/a to 2.9.2, allowing attackers to upload dangerous files onto the server. #cybersec...#cve,CVE-2025-47577,#cybersecurity https://t.co/gM8pqGPYCu https://t.c
@CveFindCom
19 May 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes