The scanning plugin reported a security vulnerability | WordPress.org

Resolved tenkhongco
(@kienbien1)

1 year, 4 months ago

Currently I am using wordfence and it is reported to have a security vulnerability, here is the detailed link: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ti-woocommerce-wishlist/ti-woocommerce-wishlist-282-unauthenticated-sql-injection

Viewing 5 replies - 1 through 5 (of 5 total)

ryanothelo
(@ryanothelo)

1 year, 4 months ago

Hi, I have the same issue.

momo-fr
(@momo-fr)

1 year, 4 months ago

Hi, same to me (Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)).

tamar
(@tamar)

1 year, 4 months ago

WordPress TI WooCommerce Wishlist plugin vulnerability. Immediate update is highly recommended. Versions: <= 2.8.2. Type: SQL Injection. More details: the vulnerability allows an attacker to execute arbitrary SQL queries in the database. https://wordpress.org/plugins/ti-woocommerce-wishlist/ , https://patchstack.com/database/vulnerability/ti-woocommerce-wishlist/wordpress-ti-woocommerce-wishlist-plugin-2-8-2-sql-injection-vulnerability . Update the plugin to the latest version: https://wordpress.org/plugins/ti-woocommerce-wishlist/ . File: wp-content/plugins/ti-woocommerce-wishlist/readme.txt.

More details. When are you releasing a fix?
tamar
(@tamar)

1 year, 4 months ago
Welp, looks like the dev doesn’t care about fixing this. I’m deleting it.
- This reply was modified 1 year, 4 months ago by tamar.
Plugin Author templateinvaders
(@templateinvaders)

1 year, 3 months ago

We have updated this plugin to version 2.9.0, which includes fixes for SQL injection vulnerabilities. We strongly recommend updating your setup to the latest version!

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘The scanning plugin reported a security vulnerability’ is closed to new replies.

7 replies
4 participants
Last reply from: templateinvaders
Last activity: 1 year, 3 months ago
Status: resolved