CVE-2024-9156
TI WooCommerce Wishlist <= 2.8.2 - Unauthenticated SQL Injection via lang parametersThe TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
We have discovered 7,079 live websites that are affected by CVE-2024-9156.
Affected Software
| Product |  Ti Woocommerce Wishlist |
| Category | Wordpress Plugins |
| Vulnerable Domains | 7,079 live websites (47.45% of Ti Woocommerce Wishlist install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 180 versions ( 97.83% of all versions) |
Common Weakness Enumeration
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')Details
- Published - Oct 10, 2024
- Updated - Oct 10, 2024
Credits
- John Castro (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
CVE-2024-9156 usage by Country
 United States | 2,232 websites |
 Germany | 836 websites |
 France | 366 websites |
 Cyprus | 355 websites |
 Russia | 309 websites |
 GB | 286 websites |
 Poland | 184 websites |
 Italy | 180 websites |
 Spain | 173 websites |
 Netherlands | 118 websites |
CVE-2024-9156 usage by TLD
| .com | 3,263 websites |
| .ru | 245 websites |
| .de | 180 websites |
| .co.uk | 171 websites |
| .com.br | 169 websites |
| .it | 157 websites |
| .fr | 144 websites |
| .pl | 142 websites |
| .com.au | 133 websites |
| .org | 113 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-9156
Top websites that are affected by CVE-2024-9156. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******************.com | United States | **,*** | |
| ***********.com | United States | ***,*** | |
| ******.sk |  Slovakia | ***,*** | |
| *****.**.il | Germany | ***,*** | |
| *******.pl | Poland | ***,*** | |
| **********.com | Russia | ***,*** | |
| *************.com | United States | ***,*** | |
| *******.no |  Norway | ***,*** | |
| ***************.***.au | United States | ***,*** | |
| ************.ru | Russia | ***,*** |
FAQ
CVE-2024-9156 is Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Ti Woocommerce Wishlist
A total of 7,079 websites have been identified as vulnerable to CVE-2024-9156, discovered through global website indexing conducted by WebTechSurvey.
Ti Woocommerce Wishlist is susceptible to CVE-2024-9156 vulnerability.
Ti Woocommerce Wishlist versions before, and including, 2.8.2 are vulnerable to CVE-2024-9156.