TemplateInvaders / ti-woocommerce-wishlist

WooCommerce Wishlist Plugin
https://wordpress.org/plugins/ti-woocommerce-wishlist/

Plugin <= 2.8.2 is vulnerable to SQL Injection #46

Open PaulSchiretz opened 2 months ago

PaulSchiretz commented 2 months ago

Hi @doozy @hogash @auerserg @StanMarsh @widdydev @rexwebmedia

As multiple users pointed out, it seems there is a vulnerability in the latest version 2.8.2 of the plugin.

https://patchstack.com/database/vulnerability/ti-woocommerce-wishlist/wordpress-ti-woocommerce-wishlist-plugin-2-8-2-sql-injection-vulnerability?_a_id=431

Can someone have a look at that? I tried to have a brief look at the code, but haven't discovered it in a short search. I'm sure it might be easy to find and fix, but I don't have any means to push a new version...

It would be just great if we could keep this plugin alive!!!

Cheers, Paul

PaulSchiretz commented 2 months ago

I debugged the issue and found the problem, although I would need some more info to provide a fix.

If you need help solving this, feel free to contact me; I'm happy to help 👋

saimakhan77788 commented 1 month ago

I found that, but now how do I exploit this? Is there any command that helps me get the data from the database?

doozy commented 3 weeks ago

@PaulSchiretz Thank you for the pull request. I've merged it and will add other fixes related to this vulnerability