CVE-2020-36725: 
WordPress vulnerability analysis and mitigation

The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress contain an Options Change vulnerability (CVE-2020-36725) in versions up to 1.21.11 (free) and 1.21.4 (pro). The vulnerability was discovered on October 16, 2020, affecting the file 'ti-woocommerce-wishlist/includes/export.class.php'. This security issue impacts WordPress installations using these wishlist plugins (WPScan).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 base score of 8.1 (HIGH) according to NVD, and 8.8 (HIGH) according to Wordfence. The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N, indicating network accessibility, low attack complexity, and requiring low privileges (NVD).

The vulnerability allows authenticated attackers to gain unauthorized access to the vulnerable blog and modify any settings within the WordPress installation. This could potentially lead to a compromise of the WordPress website and its database (WPScan).

Users should update to TI WooCommerce Wishlist version 1.21.12 (free version) or TI WooCommerce Wishlist Pro version 1.21.5 or later to patch this vulnerability. These versions contain the necessary security fixes (Template Invaders).