WordPress Plugin Vulnerabilities

YITH WooCommerce Wishlist < 2.2.0 - Authenticated SQL Injection

Description

The YITH WooCommerce Wishlist WordPress plugin was affected by an Authenticated SQL Injection security vulnerability.

Affects Plugins

Plugin icon
yith-woocommerce-wishlist
Fixed in 2.2.0

References

URL
https://blog.sucuri.net/2018/01/sqli-vulnerability-in-yith-woocommerce-wishlist.html

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
642a8338-698a-4e6e-8253-1d426b03daac

Timeline

Publicly Published
2018-01-16 (about 8 years ago)
Added
2018-01-17 (about 8 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-09-26
Title
WPExperts Square For GiveWP < 1.3.2 - Subscriber+ SQL Injection
Published
2014-08-01
Title
blogVault 1.05 - admin.php blogVault Key Setting CSRF
Published
2014-11-05
Title
WordPress Store Locator 2.3-3.11 - SQL Injection
Published
2025-01-18
Title
LTL Freight Quotes – Worldwide Express Edition < 5.0.21 - Unauthenticated SQL Injection
Published
2022-12-05
Title
Contest Gallery Pro < 19.1.5 - Admin+ SQL Injection