WordPress TI WooCommerce Wishlist premium plugin <= 1.40.0 - Unauthenticated Blind SQL Injection (SQLi) vulnerability

2022-01-3100:00:00

Krzysztof Zając

patchstack.com

0.085 Low

EPSS

Percentile

94.5%

JSON

Unauthenticated Blind SQL Injection (SQLi) vulnerability discovered by Krzysztof Zając in WordPress TI WooCommerce Wishlist premium plugin (versions <= 1.40.0).

Solution

           Update the WordPress TI WooCommerce Wishlist premium plugin to the latest available version (at least 1.40.1).

CPENameOperatorVersion
ti woocommerce wishlist premiumle1.40.0

CPE	Name	Operator	Version
	ti woocommerce wishlist premium	le	1.40.0

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0412

templateinvaders.com/changelogs/ti-woocommerce-wishlist-plugin-changelog/

wpscan.com/vulnerability/e984ba11-abeb-4ed4-9dad-0bfd539a9682

0.085 Low

EPSS

Percentile

94.5%

JSON

Related for PATCHSTACK:08E4FC8349B2DD53D436AF01CF28AAE0