CVE-2022-0412
published 2022-02-28

Priority: P1 (81) · critical · 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: public exploit available
EPSS: 74.58% (99.4th percentile)
The TI WooCommerce Wishlist WordPress plugin before 1.40.1 and the TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks.

Affected (3 ranges)

Vendor             Product                       Version range        Fixed in
templateinvaders   ti_woocommerce_wishlist       < 1.40.1             1.40.1
templateinvaders   ti_woocommerce_wishlist       >= 1.40.1 < 1.40.1   1.40.1
templateinvaders   ti_woocommerce_wishlist_pro   >= 1.40.1 < 1.40.1   1.40.1

Detection & IOCs (extracted from sources)

URL: /wp-json/ti-woocommerce-wishlist/v1/wishlist/remove_product
Sigma: words: ['Product not found'] AND status: 400
  • Monitor REST API requests to the wishlist/remove_product endpoint for SQL metacharacters (e.g., single quotes, UNION, SLEEP) in the item_id parameter. Exploitation is unauthenticated, so requests from anonymous clients are in scope.
  • An HTTP 400 response whose body contains the string 'Product not found' is a reliable indicator of a successful SQLi probe against this endpoint.
  • The Nuclei template fingerprint (digest) for this CVE can be used to verify template integrity: 4a0a0047304502202171d3ae62181cac8743c014540c61325fe3ca7ff64a6d2312e3dd54cd7f04c2022100ba756be0a0f5f4155087d826cfa81dbbf2334f5aa518b8058b28113227685a86:922c64590222798bb761d5b6d8e72950
  • Both the free and Pro variants of the plugin are vulnerable; ensure detection and patching cover both plugin slugs.
  • The vulnerability is exploitable by unauthenticated users, so WAF rules must apply to all traffic, not just authenticated sessions.

CVSS provenance

Source   Version   Score   Severity   Vector
NVD      v3.1      9.8     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD      v2.0      7.5     HIGH       AV:N/AC:L/Au:N/C:P/I:P/A:P