More than 100,000 WordPress websites are in danger because of a serious vulnerability

 

According to TechRadar, an emergency security warning has just been released for hundreds of thousands of WordPress website owners, especially those running e-commerce stores. Researchers from Patchstack have discovered a critical vulnerability, rated 10/10 (CVE-2025-47577), in the popular 'TI WooCommerce Wishlist' plugin that could allow attackers to take full control of a website.

More than 100,000 WordPress websites have a dangerous vulnerability

The TI WooCommerce Wishlist plugin, with more than 100,000 active installations, is a familiar extension for stores using WooCommerce, helping customers create and manage lists of their favorite products. However, the newly discovered vulnerability allows malicious actors to upload arbitrary files to the server without any form of authentication. This paves the way for installing malicious code, stealing sensitive data, or even deleting the entire website, a particularly dangerous scenario for e-commerce sites that regularly process payment information and customer data.


WordPress continues to face serious security problems

Photo: Wiretrip screens

It is worrying that TI WooCommerce Wishlist (2.9.2) was last updated 6 months ago and has no official patch for this serious vulnerability. Security experts therefore strongly recommend that administrators using this plugin disable and remove it immediately, until the developer releases an update that fixes the issue.

However, there is a small 'bright spot' in this stressful situation: successful exploitation appears to be possible only if the site also has the 'WC Fields Factory' plugin installed and activated, and the integration between the two plugins is enabled in TI WooCommerce Wishlist. WC Fields Factory is another free plugin for WooCommerce, used to add custom fields to product and checkout pages.

However, with a severity of 10/10, users should not be complacent. Proactively removing the vulnerable plugin is the best protective measure right now to avoid unnecessary damage. Administrators should closely monitor notices from Patchstack and the WordPress community for the latest information on a patch.
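Administrators can test the conditions described above against their own plugin inventory. The following Python script is an added example, not code from Patchstack or the plugin developers; it classifies a site from the output of `wp plugin list --format=json`. The plugin slugs `ti-woocommerce-wishlist` and `wc-fields-factory`, the result labels, the sample data, and the choice to treat 2.9.2 and anything older as unpatched are assumptions.

```python
import json
import re

# Assumed plugin directory slugs (not stated in the article).
WISHLIST = "ti-woocommerce-wishlist"
FIELDS_FACTORY = "wc-fields-factory"
LAST_UNPATCHED = (2, 9, 2)  # version the article reports as having no patch
ACTIVE = {"active", "active-network"}


def parse_version(text):
    """Turn '2.9.2' into (2, 9, 2); non-numeric parts count as 0."""
    parts = []
    for piece in text.split("."):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    while parts and parts[-1] == 0:  # so '2.9.2.0' equals '2.9.2'
        parts.pop()
    return tuple(parts)


def assess(plugin_list_json):
    """Classify a site from `wp plugin list --format=json` output."""
    plugins = {p["name"]: p for p in json.loads(plugin_list_json)}
    wishlist = plugins.get(WISHLIST)
    if wishlist is None:
        return "not-installed"
    if parse_version(wishlist["version"]) > LAST_UNPATCHED:
        return "newer-version-check-advisory"
    if wishlist["status"] not in ACTIVE:
        return "installed-inactive-remove"
    wcff = plugins.get(FIELDS_FACTORY)
    if wcff and wcff["status"] in ACTIVE:
        # The integration setting lives in the database and is not
        # visible in the plugin list, so assume the worst case.
        return "preconditions-met-remove-now"
    return "active-without-fields-factory-remove"


# Constructed sample output, not captured from a real site.
SAMPLE = json.dumps([
    {"name": "woocommerce", "status": "active", "version": "9.0.0"},
    {"name": WISHLIST, "status": "active", "version": "2.9.2"},
    {"name": FIELDS_FACTORY, "status": "active", "version": "1.0.0"},
])

if __name__ == "__main__":
    print(assess(SAMPLE))
```

Every result other than `not-installed` and `newer-version-check-advisory` ends in removal, in line with the recommendation to disable and remove the plugin regardless of whether WC Fields Factory is present.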

