HTTP: WordPress TI WooCommerce Wishlist Plugin SQL Injection

This signature detects attempts to exploit a known vulnerability in the WordPress TI WooCommerce Wishlist plugin. A successful attack can lead to command injection and arbitrary code execution.

Extended Description

The TI WooCommerce Wishlist WordPress plugin before 1.40.1 and the TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks.

Affected Products

Templateinvaders ti_woocommerce_wishlist

Short Name: HTTP:SQL:INJ:WP-TI-WCOM-WISHLST
Severity: Major
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: CVE-2022-0412 Injection Plugin SQL TI Wishlist WooCommerce WordPress
Release Date: 03/18/2022
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3476
False Positive: Unknown
Vendors

Templateinvaders

CVSS Score

7.5
