Security for everyone

CVE-2022-0412 Scanner

Detects 'SQL Injection' vulnerability in WooCommerce Wishlist plugin for Wordpress and pro version affects v. before 1.40.1.


Short Info



Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4



The WooCommerce Wishlist plugin is a handy tool for online shoppers who often add items to their wishlist for future purchases. This plugin allows users to create a list of products that they might want to buy in the future. It is available as a free version as well as a pro version that comes with advanced features such as social sharing and email reminders.

Recently, a vulnerability detected in the TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins has raised concerns. The CVE-2022-0412 vulnerability refers to SQL injection attacks that can be carried out by exploiting the item_id parameter in the wishlist/remove_product REST endpoint. This vulnerability allows attackers to bypass authentication and execute unauthorized SQL queries.

If exploited, this vulnerability can lead to complete data loss, damage to the database and loss of personal information. Unauthenticated attackers can gain access to sensitive information such as customer data, login credentials, and transaction details. This can negatively impact an e-commerce business, reducing customer trust and hurting brand reputation.

In conclusion, the TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins have some vulnerabilities that could adversely affect e-commerce businesses. However, using a tool like the platform can help website owners stay informed about such vulnerabilities. With advanced features like automatic vulnerability scanning, easy-to-read security reports, and personalized security recommendations, website owners can keep their digital assets safe from cyber-attacks.



cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture