cvebase
CVE-2024-43917
published 2024-08-29

CVE-2024-43917: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL…

Priority: P187 · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Flags: ITW · Exploit available · VulnCheck KEV · Initial access
Exploited in the wild
EPSS: 21.77% (97.3rd percentile)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection. This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2.

Affected (2 ranges)

Vendor            Product                  Version range   Fixed in
templateinvaders  ti_woocommerce_wishlist  <= 2.8.2        (not listed)
templateinvaders  ti_woocommerce_wishlist  n/a – 2.8.2     (not listed)

Detection & IOCs (extracted from sources)

URL: /wp-admin/admin-ajax.php

Sigma (the page's condition, laid out as a Sigma selection; field names uri, content_type and body are as given on the page):

```yaml
title: WordPress TI WooCommerce Wishlist SQLi
logsource:
  category: webserver
detection:
  selection:
    uri|contains: 'admin-ajax.php'
    content_type|contains: 'application/json'
    body|contains: 'product_id'
  condition: selection
```
  • The vulnerability is unauthenticated (PR:N), so no session or auth cookie is required; monitor for SQLi payloads in requests to admin-ajax.php that carry 'product_id' in a JSON body.
  • The detection rule targets HTTP requests whose content type is 'application/json' and whose body contains the string 'product_id', correlated with the WordPress AJAX endpoint. The rule matches on structure, not on a payload, so on its own it fires on any JSON request to admin-ajax.php that mentions 'product_id'; pair it with payload matching or a volume threshold before alerting.
  • A Metasploit auxiliary scanner module exists for this CVE, so automated exploitation is trivial; prioritise detection of scanner-style repeated AJAX requests.
  • Affects TI WooCommerce Wishlist versions up to and including 2.8.2 only; versions above 2.8.2 are not affected.
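An added example, not code from the page, from VulnCheck or from the plugin vendor: it runs the page's detection condition over constructed request records, then layers on the two things the notes above ask for, a payload heuristic to separate SQLi attempts from ordinary JSON traffic that also mentions 'product_id', and a per-source count to surface scanner-style repetition. The field names uri, content_type and body follow the rule; the ip field, the sample records and the SQLi patterns are my own assumptions, and no real plugin action name or parameter beyond 'product_id' is used.

```python
"""Triage constructed web-request records against the admin-ajax.php /
JSON / product_id rule, separate likely SQLi payloads from ordinary
traffic, and flag sources that hammer the endpoint (scanner behaviour).
"""
import json
import re
from collections import Counter

# Constructed sample records (not real traffic): one JSON object per line with
# the fields the rule names (uri, content_type, body) plus an assumed client ip.
# Each body is the raw request body as a string. The 'product_id' key is the
# field the detection note cites, not a documented plugin API.
SAMPLE_LOG = r"""
{"ip": "203.0.113.5", "uri": "/wp-admin/admin-ajax.php", "content_type": "application/x-www-form-urlencoded", "body": "action=heartbeat"}
{"ip": "203.0.113.9", "uri": "/wp-admin/admin-ajax.php", "content_type": "application/json", "body": "{\"product_id\": \"42\"}"}
{"ip": "198.51.100.7", "uri": "/wp-admin/admin-ajax.php", "content_type": "application/json", "body": "{\"product_id\": \"42 AND (SELECT 1 FROM (SELECT SLEEP(5))x)\"}"}
{"ip": "198.51.100.7", "uri": "/wp-admin/admin-ajax.php", "content_type": "application/json", "body": "{\"product_id\": \"42' UNION SELECT user_login,user_pass FROM wp_users-- -\"}"}
{"ip": "198.51.100.7", "uri": "/wp-admin/admin-ajax.php", "content_type": "application/json", "body": "{\"product_id\": \"42 AND EXTRACTVALUE(1,CONCAT(0x7e,VERSION()))\"}"}
{"ip": "198.51.100.7", "uri": "/wp-login.php", "content_type": "application/json", "body": "{\"product_id\": \"1 OR 1=1\"}"}
"""

# Crude SQLi payload heuristics (assumption: enough to separate the payloads
# above from a plain numeric product_id; tune before production use).
SQLI_PATTERN = re.compile(
    r"\bunion\b[\s\S]{0,40}?\bselect\b"      # UNION ... SELECT
    r"|\b(?:sleep|benchmark)\s*\("           # time-based blind
    r"|\b(?:extractvalue|updatexml)\s*\("    # error-based
    r"|\b(?:and|or)\s+\d+\s*=\s*\d+"         # boolean tautology (1=1)
    r"|'\s*(?:and|or)\b"                     # quote break then boolean
    r"|--\s|/\*",                            # comment terminators
    re.IGNORECASE,
)


def parse_log(text):
    """Parse newline-delimited JSON records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def matches_rule(rec):
    """The page's condition: admin-ajax.php AND JSON content type AND 'product_id' in body."""
    return (
        "admin-ajax.php" in rec.get("uri", "")
        and "application/json" in rec.get("content_type", "")
        and "product_id" in rec.get("body", "")
    )


def looks_like_sqli(body):
    """True when the body carries a recognisable SQLi construct."""
    return SQLI_PATTERN.search(body) is not None


def triage(records, repeat_threshold=3):
    """Apply the rule, then classify hits and flag sources at/above the threshold."""
    rule_hits = [r for r in records if matches_rule(r)]
    sqli_hits = [r for r in rule_hits if looks_like_sqli(r["body"])]
    per_source = Counter(r["ip"] for r in rule_hits)
    repeat_sources = sorted(ip for ip, n in per_source.items() if n >= repeat_threshold)
    return {
        "rule_hits": len(rule_hits),
        "sqli_hits": len(sqli_hits),
        "repeat_sources": repeat_sources,
    }


if __name__ == "__main__":
    print(triage(parse_log(SAMPLE_LOG)))
```

On the constructed records the structural rule fires four times, but only three of those carry an SQLi construct; the plain "42" record shows why the rule alone is a candidate filter rather than an alert. The record aimed at /wp-login.php carries a tautology yet never reaches the rule because the endpoint does not match, which is the intended scoping. The repeat-source count is what turns a scanner's burst against the endpoint into a single prioritised signal.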

CVSS provenance

NVD: v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheck: 9.3 CRITICAL