Lucene search
WPScanCVELIST:CVE-2022-0412HistoryFeb 28, 2022 - 9:06 a.m.
CVE-2022-0412 TI WooCommerce Wishlist < 1.40.1 - Unauthenticated Blind SQL Injection
2022-02-2809:06:56
CWE-89
WPScan
www.cve.org
4
cve-2022-0412
woocommerce
wordpress
sql injection
unauthenticated
EPSS
0.021
Percentile
89.3%
The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks
CNA Affected
[
{
"product": "TI WooCommerce Wishlist",
"vendor": "TemplateInvaders",
"versions": [
{
"lessThan": "1.40.1",
"status": "affected",
"version": "1.40.1",
"versionType": "custom"
}
]
},
{
"product": "TI WooCommerce Wishlist Pro",
"vendor": "TemplateInvaders",
"versions": [
{
"lessThan": "1.40.1",
"status": "affected",
"version": "1.40.1",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2022-0412
2022-02-28 09:15:09
nuclei
nuclei
WordPress TI WooCommerce Wishlist <1.40.1 - SQL Injection
2022-10-01 13:34:58
cnvd
cnvd
WordPress TI WooCommerce Wishlist plugin SQL injection vulnerability
2022-03-02 00:00:00
nvd
nvd
CVE-2022-0412
2022-02-28 09:15:09
githubexploit
githubexploit
Exploit for SQL Injection in Templateinvaders Ti Woocommerce Wishlist
2024-03-20 22:22:51
openvas
openvas
WordPress TI WooCommerce Wishlist Plugin < 1.40.1 SQLi Vulnerability
2022-03-14 00:00:00
patchstack
patchstack
prion
prion
Sql injection
2022-02-28 09:15:00
wpvulndb
wpvulndb
TI WooCommerce Wishlist < 1.40.1 - Unauthenticated Blind SQL Injection
2022-01-31 00:00:00
wpexploit
wpexploit
TI WooCommerce Wishlist < 1.40.1 - Unauthenticated Blind SQL Injection
2022-01-31 00:00:00