Lucene search
China National Vulnerability DatabaseCNVD-2022-66595HistoryMar 02, 2022 - 12:00 a.m.
WordPress TI WooCommerce Wishlist plugin SQL injection vulnerability
2022-03-0200:00:00
China National Vulnerability Database
www.cnvd.org.cn
20
0.085 Low
EPSS
Percentile
94.5%
WordPress is the Wordpress Foundation’s suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.A SQL injection vulnerability exists in versions of the WordPress TI WooCommerce Wishlist plugin prior to 1.40.1, which stems from the plugin’s failure to clean up and escape the item_id parameter before using it in SQL statements via the wishlist/remove_product REST endpoint. Failure to clean up and escape the item_id parameter before using it in a SQL statement can be exploited by an unauthenticated attacker to execute illegal SQL commands to steal sensitive database data.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress ti woocommerce wishlist plugin | lt | 1.40.1 |
Related
cve
cve
CVE-2022-0412
2022-02-28 09:15:09
patchstack
patchstack
prion
prion
Sql injection
2022-02-28 09:15:00
openvas
openvas
WordPress TI WooCommerce Wishlist Plugin < 1.40.1 SQLi Vulnerability
2022-03-14 00:00:00
wpexploit
wpexploit
TI WooCommerce Wishlist < 1.40.1 - Unauthenticated Blind SQL Injection
2022-01-31 00:00:00
wpvulndb
wpvulndb
TI WooCommerce Wishlist < 1.40.1 - Unauthenticated Blind SQL Injection
2022-01-31 00:00:00
cvelist
cvelist
nvd
nvd
CVE-2022-0412
2022-02-28 09:15:09
nuclei
nuclei
WordPress TI WooCommerce Wishlist <1.40.1 - SQL Injection
2022-10-01 13:34:58
githubexploit
githubexploit
Exploit for SQL Injection in Templateinvaders Ti Woocommerce Wishlist
2024-03-20 22:22:51