CVE-2022-0412 Scanner
Detects the 'SQL Injection' vulnerability in the WooCommerce Wishlist plugin for WordPress and its Pro version, which affects versions before 1.40.1.
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: Domain, IPv4
Toolbox: -
The WooCommerce Wishlist plugin is a handy tool for online shoppers who often add items to their wishlist for future purchases. This plugin allows users to create a list of products that they might want to buy in the future. It is available as a free version as well as a pro version that comes with advanced features such as social sharing and email reminders.
Recently, a vulnerability detected in the TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins has raised concerns. CVE-2022-0412 is an SQL injection vulnerability that can be exploited through the item_id parameter of the wishlist/remove_product REST endpoint. This vulnerability allows attackers to bypass authentication and execute unauthorized SQL queries.
If exploited, this vulnerability can lead to complete data loss, damage to the database and loss of personal information. Unauthenticated attackers can gain access to sensitive information such as customer data, login credentials, and transaction details. This can negatively impact an e-commerce business, reducing customer trust and hurting brand reputation.
In conclusion, the TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins have some vulnerabilities that could adversely affect e-commerce businesses. However, using a tool like the s4e.io platform can help website owners stay informed about such vulnerabilities. With advanced features like automatic vulnerability scanning, easy-to-read security reports, and personalized security recommendations, website owners can keep their digital assets safe from cyber-attacks.