TI WooCommerce Wishlist, 36a05bf01804a47fe2e3759b129a8e68e07b42a9

CVE, Research URL: 36a05bf01804a47fe2e3759b129a8e68e07b42a9
Home page URL: Security reports for TI WooCommerce Wishlist
Application: TI WooCommerce Wishlist
Published on: Jul 31, 2023
Research Description: TI WooCommerce Wishlist [ti-woocommerce-wishlist] < 2.7.4 TI WooCommerce Wishlist <= 2.7.3 - Unauthenticated Blind SQL Injection via Rest API The TI WooCommerce Wishlistplugin for WordPress is vulnerable to blind SQL Injection via the user_id parameter in versions up to, and including, 2.7.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 2.7.4.
Status: vulnerable