As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the YITH WooCommerce Wishlist plugin for WordPress. This plugin allows visitors and potential customers to make wish lists containing products in the WooCommerce store, and is currently installed on 500,000+ websites.
Are You at Risk?
This vulnerability is caused by the lack of sanitization of user provided data in versions below 2.2.0.
Continue reading SQLi Vulnerability in YITH WooCommerce Wishlist at Sucuri Blog.