Description The plugin does not sufficiently sanitize and escape user-supplied attributes in the ‘tm_woo_wishlist_table’ shortcode. This leads to a Stored Cross-Site Scripting vulnerability, enabling authenticated users with contributor-level or higher permissions to inject arbitrary web scripts.