CVE-2022-0412
Published: 2022-02-28
Priority: P1 81 · critical · CVSS 3.1 base score 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 74.58% (99.4th percentile)

The TI WooCommerce Wishlist WordPress plugin before 1.40.1 and the TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| templateinvaders | ti_woocommerce_wishlist | < 1.40.1 | 1.40.1 |
| templateinvaders | ti_woocommerce_wishlist | >= 1.40.1 < 1.40.1 | 1.40.1 |
| templateinvaders | ti_woocommerce_wishlist_pro | >= 1.40.1 < 1.40.1 | 1.40.1 |
Detection & IOCs (extracted from sources)

Sigma-style summary: words: ['Product not found'] AND status: 400

- Monitor REST API requests to the wishlist/remove_product endpoint for SQL metacharacters (e.g., single quotes, UNION, SLEEP) in the item_id parameter; unauthenticated exploitation requires no credentials.
- An HTTP 400 response containing the string 'Product not found' in the body is a reliable indicator of a successful SQLi probe against this endpoint.
- Nuclei template fingerprint (digest) for this CVE can be used to verify template integrity: 4a0a0047304502202171d3ae62181cac8743c014540c61325fe3ca7ff64a6d2312e3dd54cd7f04c2022100ba756be0a0f5f4155087d826cfa81dbbf2334f5aa518b8058b28113227685a86:922c64590222798bb761d5b6d8e72950
- Both the free and Pro variants of the plugin are vulnerable; ensure detection/patching covers both plugin slugs.
- The vulnerability is exploitable by unauthenticated users, so WAF rules must apply to all traffic, not just authenticated sessions.
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
No detection rules found.

Nuclei

Template: WordPress TI WooCommerce Wishlist <1.40.1 - SQL Injection (nuclei · CVSS 9.8)
CVE-2022-0412 [CRITICAL] WordPress TI WooCommerce Wishlist <1.40.1 - SQL Injection

Only a fragment of the template body survives in the source ("WordPress TI WooCommerce Wishlist =7'"); the matchers block is intact:

```yaml
    matchers:
      - type: word
        part: body
        words:
          - 'Product not found'
      - type: status
        status:
          - 400
# digest: 4a0a0047304502202171d3ae62181cac8743c014540c61325fe3ca7ff64a6d2312e3dd54cd7f04c2022100ba756be0a0f5f4155087d826cfa81dbbf2334f5aa518b8058b28113227685a86:922c64590222798bb761d5b6d8e72950
```