SQL Injection in Templateinvaders Ti Woocommerce Wishlist

CVE-2022-0412

The TI WooCommerce Wishlist WordPress plugin before 1.40.1 and the TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST…

Vulnerability class: SQL Injection

EPSS: 0.859 (99.4th percentile)

Frequently asked questions

What is CVE-2022-0412?
CVE-2022-0412 is a vulnerability in Templateinvaders Ti Woocommerce Wishlist, classified under SQL Injection. Published 2022-02-28.
Is CVE-2022-0412 known to be exploited?
7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.