VYPR
Unrated severityNVD Advisory· Published Feb 28, 2022· Updated Aug 2, 2024

TI WooCommerce Wishlist < 1.40.1 - Unauthenticated Blind SQL Injection

CVE-2022-0412

Description

The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.