Potential SQL Injection / Malicious Wishlist Entries
Hi,
I’m seeing suspicious activity on my site related to the YITH Wishlist plugin. The logs show attempts to add wishlist items containing potentially malicious SQL-like input, for example:
[30-Mar-2026 20:42:53 UTC] Exception caught in get_wishlist. Invalid wishlist.. Args: Array
(
[0] => Vgha AND 5303 IN (SELECT (CHAR(113)+CHAR(106)+CHAR(98)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (5303=5303) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(120)+CHAR(98)+CHAR(98)+CHAR(113)))– uZuA
)
..
[30-Mar-2026 20:43:04 UTC] Exception caught in get_wishlist. Invalid wishlist.. Args: Array
(
[0] => Vgha\’) ORDER BY 1– WoAa
)
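One way to triage entries like these in the PHP error log, as an added example that is not part of the original post and is not YITH plugin code: it parses the entry layout shown above and flags logged arguments that carry SQL injection probe markers. The function name `scan`, the indicator set and the sample lines are assumptions constructed for illustration.

```python
import re

# Entry layout as shown in the post: "[ts] Exception caught in <func>. <msg>. Args: Array ( ... )"
ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\] Exception caught in (?P<func>\w+)\. .*?Args: Array\s*\(\s*\n"
    r"(?P<args>.*?)\n\s*\)", re.M | re.S)
ARG = re.compile(r"^\s*\[\d+\] => (.*)$", re.M)

# Heuristic markers (an assumed set, tune for your site). The en dash and curly
# quote are accepted because some renderers rewrite "--" and "'".
INDICATORS = {
    "char_concat": re.compile(r"CHAR\(\d+\)\s*(?:\+|\|\|)\s*CHAR\(\d+\)", re.I),
    "subselect": re.compile(r"\(\s*SELECT\b", re.I),
    "boolean_case": re.compile(r"CASE\s+WHEN\s*\(?\s*(\d+)\s*=\s*\1\b", re.I),
    "order_by_probe": re.compile(r"\bORDER\s+BY\s+\d+", re.I),
    "trailing_comment": re.compile(r"(?:--|\u2013|#)\s*\w*\s*$"),
    "quote_breakout": re.compile(r"['\u2019\"]\s*\)"),
}

def scan(log_text):
    """Return one finding per logged argument that matches any indicator."""
    findings = []
    for entry in ENTRY.finditer(log_text):
        for arg in ARG.findall(entry.group("args")):
            hits = sorted(n for n, rx in INDICATORS.items() if rx.search(arg))
            if hits:
                findings.append({"ts": entry.group("ts"), "func": entry.group("func"),
                                 "arg": arg, "hits": hits})
    return findings

# Constructed sample: two entries shortened from the ones in the post, plus one
# constructed benign "invalid wishlist" entry for contrast.
SAMPLE = """[30-Mar-2026 20:42:53 UTC] Exception caught in get_wishlist. Invalid wishlist.. Args: Array
(
    [0] => Vgha AND 5303 IN (SELECT (CHAR(113)+CHAR(106)+(SELECT (CASE WHEN (5303=5303) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)))-- uZuA
)
[30-Mar-2026 20:43:04 UTC] Exception caught in get_wishlist. Invalid wishlist.. Args: Array
(
    [0] => Vgha\\') ORDER BY 1-- WoAa
)
[30-Mar-2026 21:10:17 UTC] Exception caught in get_wishlist. Invalid wishlist.. Args: Array
(
    [0] => K3X9QZ7T2B
)
"""

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f["ts"], f["func"], ",".join(f["hits"]))
```

A match only shows that a probe string reached `get_wishlist` and was rejected as an invalid wishlist; correlate the timestamps with the web server access log to find the source of the requests.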