S4E

CVE-2022-0412 Scanner

CVE-2022-0412 scanner - SQL Injection vulnerability in the WooCommerce Wishlist plugin for WordPress and its pro version

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: Domain, IPv4
Toolbox: -

The WooCommerce Wishlist plugin is a handy tool for online shoppers who often add items to their wishlist for future purchases. This plugin allows users to create a list of products that they might want to buy in the future. It is available as a free version as well as a pro version that comes with advanced features such as social sharing and email reminders.

Recently, a vulnerability detected in the TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins has raised concerns. CVE-2022-0412 is a SQL injection vulnerability: the item_id parameter of the wishlist/remove_product REST endpoint can be used to inject SQL into the plugin's database query. This vulnerability allows attackers to bypass authentication and execute unauthorized SQL queries.

If exploited, this vulnerability can lead to complete data loss, damage to the database and loss of personal information. Unauthenticated attackers can gain access to sensitive information such as customer data, login credentials, and transaction details. This can negatively impact an e-commerce business, reducing customer trust and hurting brand reputation.
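For site owners reviewing their own logs, the following added example (not part of the S4E scanner or the plugin) flags access-log requests that reach the wishlist/remove_product endpoint with an item_id that is not a plain integer. The combined log format, the integer-only rule, the "example-ns" namespace placeholder and the sample lines are assumptions; an item_id sent in a request body will not appear in access logs.

```python
import re
from urllib.parse import urlsplit, parse_qs

# From the page: the endpoint fragment and the parameter name.
ENDPOINT = "wishlist/remove_product"
PARAM = "item_id"

# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>[^"]*?)(?: HTTP/[\d.]+)?" (?P<status>\d{3})'
)

# Constructed sample lines; "example-ns" is a placeholder REST namespace.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Feb/2022:10:00:01 +0000] "GET /wp-json/example-ns/wishlist/remove_product?item_id=42 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Feb/2022:10:00:02 +0000] "GET /wp-json/example-ns/wishlist/remove_product?item_id=42%20OR%201%3D1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Feb/2022:10:00:03 +0000] "GET /?rest_route=/example-ns/wishlist/remove_product&item_id=0x2a HTTP/1.1" 500 0',
    '198.51.100.7 - - [10/Feb/2022:10:00:04 +0000] "GET /shop/?item_id=abc HTTP/1.1" 200 900',
]

def suspicious_item_ids(lines):
    """Return (ip, timestamp, decoded item_id, status) for every request to
    the endpoint whose item_id is not a plain decimal integer."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        parts = urlsplit(m["target"])
        query = parse_qs(parts.query, keep_blank_values=True)
        # WordPress accepts the REST route in the path or in the
        # rest_route query parameter, so search the path and all values.
        route = parts.path + " " + " ".join(v for vs in query.values() for v in vs)
        if ENDPOINT not in route:
            continue
        for value in query.get(PARAM, []):  # parse_qs has URL-decoded these
            if not re.fullmatch(r"\d{1,20}", value):
                hits.append((m["ip"], m["ts"], value, m["status"]))
    return hits

if __name__ == "__main__":
    for hit in suspicious_item_ids(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for triage, not proof of compromise; correlate it with database and application logs for the same timestamp.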

In conclusion, the TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins have some vulnerabilities that could adversely affect e-commerce businesses. However, using a tool like the s4e.io platform can help website owners stay informed about such vulnerabilities. With advanced features like automatic vulnerability scanning, easy-to-read security reports, and personalized security recommendations, website owners can keep their digital assets safe from cyber-attacks.

 
