CVE-2024-9156
📋 TL;DR
This SQL injection vulnerability in the TI WooCommerce Wishlist WordPress plugin allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can extract sensitive information like user credentials, payment data, and other database contents. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- TI WooCommerce Wishlist WordPress Plugin
📦 What is this software?
TI WooCommerce Wishlist by TemplateInvaders
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including admin credentials, customer PII, payment information, and potential site takeover via privilege escalation.
Likely Case
Data exfiltration of user information, email addresses, and potentially hashed passwords from the WordPress database.
If Mitigated
Limited information disclosure if database permissions are properly restricted and sensitive data is encrypted.
🎯 Exploit Status
SQL injection vulnerabilities in WordPress plugins are frequently weaponized. The unauthenticated nature and low complexity make this attractive to attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.8.3 or later
Vendor Advisory: https://wpscan.com/vulnerability/e95974f9-1f68-4181-89b0-3559d61cfa93/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find TI WooCommerce Wishlist.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 2.8.3+ from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the vulnerable plugin until patched
wp plugin deactivate ti-woocommerce-wishlist
Web Application Firewall Rule
Block SQL injection patterns targeting the wishlist plugin endpoints
Modify WAF to block requests containing SQL injection patterns to /wp-content/plugins/ti-woocommerce-wishlist/
🧯 If You Can't Patch
- Implement strict database user permissions with minimal privileges
- Deploy a web application firewall with SQL injection protection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → TI WooCommerce Wishlist → Version. If version is 2.8.2 or lower, you are vulnerable.
Check Version:
wp plugin get ti-woocommerce-wishlist --field=version
Verify Fix Applied:
Verify plugin version is 2.8.3 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple requests to wishlist endpoints with SQL-like parameters
- 429 or 500 errors from wishlist plugin endpoints
Network Indicators:
- POST/GET requests to /wp-content/plugins/ti-woocommerce-wishlist/ with SQL injection patterns
- Unusual outbound database connections from web server
SIEM Query:
source="web_logs" AND (uri="/wp-content/plugins/ti-woocommerce-wishlist/*" AND (param="*UNION*" OR param="*SELECT*" OR param="*INSERT*" OR param="*DELETE*"))
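The log indicators above, applied to web server access logs as an added example (not part of the advisory). It assumes Apache combined log format and uses constructed sample lines; the plugin path is the one named in this advisory, and requests reaching the plugin through other WordPress entry points are not covered.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample access-log lines (not real traffic). Line 2 carries an
# encoded "UNION SELECT" in a wishlist plugin parameter and a 500 response.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Oct/2024:10:01:02 +0000] "GET /wp-content/plugins/ti-woocommerce-wishlist/?id=5 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [12/Oct/2024:10:01:05 +0000] "GET /wp-content/plugins/ti-woocommerce-wishlist/?id=5%20UNION%20SELECT%201 HTTP/1.1" 500 0 "-" "curl/8.0"
203.0.113.12 - - [12/Oct/2024:10:01:09 +0000] "GET /wp-content/plugins/akismet/?q=select HTTP/1.1" 200 100 "-" "Mozilla/5.0"
203.0.113.13 - - [12/Oct/2024:10:01:12 +0000] "POST /wp-content/plugins/ti-woocommerce-wishlist/?n=x HTTP/1.1" 200 80 "-" "Mozilla/5.0"
"""

# Apache "combined" format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
PLUGIN_PATH = "/wp-content/plugins/ti-woocommerce-wishlist/"
# Same keyword set as the SIEM query in the advisory.
SQL_KEYWORDS = re.compile(r"\b(UNION|SELECT|INSERT|DELETE)\b", re.IGNORECASE)


def find_suspicious(log_text):
    """Return requests to the wishlist plugin path whose query parameters
    contain SQL keywords after URL decoding. POST bodies are not in access
    logs, so body-borne payloads need WAF or application logging."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        parts = urlsplit(m["target"])
        if not parts.path.startswith(PLUGIN_PATH):
            continue  # only the plugin's own path is in scope here
        # parse_qsl decodes one layer (%20 and +); the extra unquote_plus
        # also catches values that were percent-encoded twice.
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if SQL_KEYWORDS.search(unquote_plus(value)):
                hits.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"],
                             "param": key, "status": m["status"]})
                break  # one finding per request is enough
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```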