3 matches found
CVE-2022-0412
The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the itemid parameter before using it in a SQL statement via the wishlist/removeproduct REST endpoint, allowing unauthenticated attackers to perform SQL...
CVE-2022-0412 TI WooCommerce Wishlist < 1.40.1 - Unauthenticated Blind SQL Injection
The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the itemid parameter before using it in a SQL statement via the wishlist/removeproduct REST endpoint, allowing unauthenticated attackers to perform SQL...
CVE-2022-0412
CVE-2022-0412 affects the TI WooCommerce Wishlist WordPress plugin (and TI WooCommerce Wishlist Pro) prior to version 1.40.1. The vulnerability arises because the plugin fails to sanitize and escape the item_id parameter before using it in a SQL statement within the wishlist/remove_product REST e...