Plugin <= 2.8.2 is vulnerable to SQL Injection #46
Comments
I debugged the issue and found the problem, although I would need some more info to provide a fix. If you need help solving this, feel free to contact me, I'm happy to help 👋
I found that, but now how to exploit this? Any command that helps me to get that data from the database?
@PaulSchiretz Thank you for the pull request. I've merged it and will add other fixes related to this vulnerability.
Hi @doozy @hogash @auerserg @StanMarsh @widdydev @rexwebmedia
As multiple users pointed out, it seems there is a vulnerability in the latest version 2.8.2 of the plugin.
https://patchstack.com/database/vulnerability/ti-woocommerce-wishlist/wordpress-ti-woocommerce-wishlist-plugin-2-8-2-sql-injection-vulnerability?_a_id=431
Can someone have a look at that? I tried to have a brief look in the code, but haven't discovered it on a short search, but I'm sure it might be easy to find and fix... but I don't have any means to push a new version...
Would be just great if we could keep this plugin alive!!!
Cheers,
Paul