CVE-2025-47577
Published: 2025-05-19
Priority: P2 (76) · Severity: critical · CVSS 3.1 base score: 10.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploit: public PoC and Nuclei template available · EPSS: 4.91% (91.0th percentile)
Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Upload a Web Shell to a Web Server. This issue affects TI WooCommerce Wishlist: from n/a through <= 2.9.2.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| templateinvaders | ti_woocommerce_wishlist | <= 2.9.2 | — |
Detection & IOCs (extracted from sources)
- bytes: `4a0a0047304502200136c98e3b373880c03643fa11265c6305d8b54f947f23e2a9d6f47cbf122d9e022100bc7572596674128ea5e75185a0be34bddee87b7563992921c3b369a93ba8a49a:922c64590222798bb761d5b6d8e72950`. This is the `# digest:` signing line carried at the bottom of the Nuclei template itself (the trailing hash is the template-signing key identifier), not an indicator of exploitation; do not load it into a blocklist or IOC feed.
Indicators:
- Unauthenticated multipart file-upload POST requests to the WordPress root (/) whose body carries the wishlist form fields `tinv_wishlist_id` and `product_action=addto` together with a `file` part. No authentication is involved (PR:N), so do not scope the rule to logged-in sessions.
- Files appearing under /wp-content/uploads/ that were delivered via a multipart POST to the wishlist endpoint; the `wishlist_url` field of the JSON response contains a path referencing the uploaded file under wp-content/uploads.
- The plugin path /wp-content/plugins/ti-woocommerce-wishlist/ on a server, combined with version <= 2.9.2 (NVD) or <= 2.10.0 (Patchstack), indicates a vulnerable target.
- The published PoC uses four HTTP requests: (1) GET /shop/ to harvest a product ID, (2) the multipart POST upload, (3) GET of the wishlist URL to confirm the upload path, (4) GET of the uploaded file directly. Only the POST in step (2) is needed for the upload itself; the product ID can be obtained any other way, and steps (3) and (4) are the PoC confirming success. Treat the full four-step sequence as a signature for this PoC, not for the vulnerability.
- The multipart boundary `-----------------------------735323031399963166993862150` in the POST body is used verbatim by the published PoC. It is trivially changed by anyone who edits the PoC, so it is a low-confidence indicator on its own.

Caveats:
- The affected version range differs between NVD and the Nuclei template: NVD states `<= 2.9.2`, the template description states `<= 2.10.0`. Verify the exact patched version before scoping detections, and compare versions numerically (2.10.0 is newer than 2.9.2 but sorts lower as a string).
- Exploitation requires no authentication (PR:N in the vector above). The vector on this page has scope changed (S:C) and scores 10.0; sources quoting 9.8 are using the scope-unchanged (S:U) variant. Either way, any unauthenticated internet user can trigger the upload, so WAF rules must not restrict detection to authenticated sessions.
- The Nuclei template is marked intrusive: running it against production systems really uploads a file to /wp-content/uploads/. Have cleanup procedures in place when using it to validate detections.
- Until the plugin is updated, denying execution of `.php` (and `.phtml`, `.phar`) files under /wp-content/uploads/ at the web server blocks the web-shell stage of this exploit; it does not stop the upload itself.
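The indicators and caveats above, as an added example (not code from the page's sources, the plugin, or the published PoC): a small Python detector that parses a multipart body shaped like the one described, checks for the PoC boundary, correlates the POST-then-GET steps over access-log lines, and compares plugin versions numerically so the 2.9.2 / 2.10.0 discrepancy is handled. The field names and paths come from the page; the sample body, the log lines and the plugin header are constructed, and the decision to key on form fields rather than on the request path is an assumption.

```python
"""Added example for this CVE entry. Sample data is constructed, not captured traffic."""
import re
from typing import Dict, List, Optional, Tuple

# Boundary the page says the published PoC uses verbatim. Low-confidence on its own.
POC_BOUNDARY = "-----------------------------735323031399963166993862150"
# Extensions a stock PHP host executes if they land under wp-content/uploads/.
DANGEROUS_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}
UPLOADS_PREFIX = "/wp-content/uploads/"


def parse_multipart(content_type: str, body: bytes) -> Tuple[Dict[str, str], List[Tuple[str, str]]]:
    """Minimal multipart/form-data splitter -> (fields, [(part_name, filename), ...]).
    Enough for detection; it is not a full RFC 7578 parser."""
    m = re.search(r'boundary="?([^";]+)"?', content_type)
    if not m:
        return {}, []
    delim = b"--" + m.group(1).encode()
    fields: Dict[str, str] = {}
    files: List[Tuple[str, str]] = []
    for part in body.split(delim):
        part = part.strip(b"\r\n")
        if not part or part == b"--":  # preamble or the closing "--"
            continue
        head, _, payload = part.partition(b"\r\n\r\n")
        disp = re.search(rb'Content-Disposition:[^\r\n]*;\s*name="([^"]*)"'
                         rb'(?:;\s*filename="([^"]*)")?', head, re.I)
        if not disp:
            continue
        name = disp.group(1).decode(errors="replace")
        if disp.group(2) is not None:
            files.append((name, disp.group(2).decode(errors="replace")))
        else:
            fields[name] = payload.decode(errors="replace")
    return fields, files


def extension(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def classify_request(method: str, path: str, headers: Dict[str, str], body: bytes) -> Dict[str, object]:
    """Flag a request shaped like the unauthenticated wishlist upload this page describes."""
    verdict: Dict[str, object] = {"wishlist_upload": False, "dangerous_file": None, "poc_boundary": False}
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    if method.upper() != "POST" or not ctype.lower().startswith("multipart/form-data"):
        return verdict
    verdict["poc_boundary"] = POC_BOUNDARY in ctype
    fields, files = parse_multipart(ctype, body)
    # Key on the form fields rather than on path == "/": the PoC posts to the root, but a
    # variant could post the same form elsewhere (assumption; the page only documents "/").
    if fields.get("product_action", "").strip() == "addto" and "tinv_wishlist_id" in fields and files:
        verdict["wishlist_upload"] = True
        bad = [fn for _, fn in files if extension(fn) in DANGEROUS_EXTS]
        verdict["dangerous_file"] = bad[0] if bad else None
    return verdict


LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*"')


def correlate(log_lines: List[str]) -> List[Tuple[str, str]]:
    """PoC steps (2) and (4): a POST to / followed by a GET of an executable file under
    wp-content/uploads/ from the same client. Steps (1) and (3) are not required."""
    posted: set = set()
    hits: List[Tuple[str, str]] = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, path = m["ip"], m["method"], m["path"].split("?", 1)[0]
        if method == "POST" and path == "/":
            posted.add(ip)
        elif (method == "GET" and ip in posted and path.startswith(UPLOADS_PREFIX)
              and extension(path) in DANGEROUS_EXTS):
            hits.append((ip, path))
    return hits


def version_tuple(v: str) -> Tuple[int, ...]:
    return tuple(int(x) for x in re.findall(r"\d+", v))


def is_vulnerable_version(installed: str, max_affected: str = "2.9.2") -> bool:
    """Numeric comparison; a string comparison says "2.10.0" <= "2.9.2" and gets it wrong."""
    return version_tuple(installed) <= version_tuple(max_affected)


def plugin_version(plugin_header: str) -> Optional[str]:
    """Read the Version: line of a WordPress plugin's main-file header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*([\w.\-]+)", plugin_header, re.M)
    return m.group(1) if m else None


# ---- constructed sample input (not captured traffic) ----
_B = POC_BOUNDARY
SAMPLE_CTYPE = f"multipart/form-data; boundary={_B}"
SAMPLE_BODY = (
    f"--{_B}\r\nContent-Disposition: form-data; name=\"tinv_wishlist_id\"\r\n\r\n1\r\n"
    f"--{_B}\r\nContent-Disposition: form-data; name=\"product_action\"\r\n\r\naddto\r\n"
    f"--{_B}\r\nContent-Disposition: form-data; name=\"file\"; filename=\"x.php\"\r\n"
    f"Content-Type: application/octet-stream\r\n\r\nnot-a-real-shell\r\n"
    f"--{_B}--\r\n"
).encode()
SAMPLE_LOG = [
    '203.0.113.7 - - [19/May/2025:10:00:01 +0000] "GET /shop/ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [19/May/2025:10:00:02 +0000] "POST / HTTP/1.1" 200 311',
    '203.0.113.7 - - [19/May/2025:10:00:03 +0000] "GET /wishlist/ HTTP/1.1" 200 2048',
    '203.0.113.7 - - [19/May/2025:10:00:04 +0000] "GET /wp-content/uploads/2025/05/x.php HTTP/1.1" 200 17',
    '198.51.100.9 - - [19/May/2025:10:00:05 +0000] "GET /wp-content/uploads/2025/05/banner.png HTTP/1.1" 200 9000',
]
SAMPLE_PLUGIN_HEADER = "/*\n * Plugin Name: TI WooCommerce Wishlist\n * Version: 2.9.2\n */"

if __name__ == "__main__":
    print(classify_request("POST", "/", {"Content-Type": SAMPLE_CTYPE}, SAMPLE_BODY))
    print(correlate(SAMPLE_LOG))
    v = plugin_version(SAMPLE_PLUGIN_HEADER)
    print(v, is_vulnerable_version(v), is_vulnerable_version("2.10.0"), is_vulnerable_version("2.10.0", "2.10.0"))
```

`classify_request` deliberately reports the PoC boundary separately from the field match, so a rule can alert on the field pattern alone and only raise confidence when the boundary is also present; `correlate` ignores the optional `/shop/` and wishlist-URL requests for the reason given in the indicators list.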
Detection rules: none indexed.
Nuclei
CVE-2025-47577 [CRITICAL] TI WooCommerce Wishlist <= 2.9.2 - Arbitrary File Upload (nuclei · CVSS 10.0)
TemplateInvaders TI WooCommerce Wishlist <= 2.10.0 contains an unrestricted file upload vulnerability caused by a lack of proper file type validation, letting attackers upload web shells to the server; exploitation requires no special privileges.
Note that the indexed template sets `severity: high` while the listing labels it CRITICAL, and its description uses the <= 2.10.0 range while its name uses <= 2.9.2.
Template (truncated as indexed):
```yaml
id: CVE-2025-47577

info:
  name: TI WooCommerce Wishlist <= 2.9.2 - Arbitrary File Upload
  author: cehcvkr
  severity: high
  description: |
    TemplateInvaders TI WooCommerce Wishlist <= 2.10.0 contains an unrestricted file upload vulnerability caused by lack of proper file type validation, letting attackers upload web shells to the server, exploit requires no special privileges.
  impact: |
    Attackers can upload malicious web shells, leading to remote code execution and full server compromise.
```
No writeups or analysis indexed.