CVE-2024-43917

CRITICAL EXPLOITED NUCLEI

WordPress TI WooCommerce Wishlist SQL Injection (CVE-2024-43917)

Title source: metasploit

Exploitation Summary

CVE-2024-43917 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including p33d, adminlove520, sug4r-wr41th, including a Metasploit module auxiliary/scanner/http/wp_ti_woocommerce_wishlist_sqli. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional Python script that demonstrates an SQL injection vulnerability in the TI WooCommerce Wishlist plugin for WordPress. The exploit targets unauthenticated SQLi via the 'order' parameter in the plugin's API endpoint, allowing arbitrary SQL command execution.

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2.

Exploits (4)

nomisec WORKING POC 8 stars

by p33d · infoleak

https://github.com/p33d/CVE-2024-43917

View Code ZIP pw:eip

This repository contains a functional Python script that demonstrates an SQL injection vulnerability in the TI WooCommerce Wishlist plugin for WordPress. The exploit targets unauthenticated SQLi via the 'order' parameter in the plugin's API endpoint, allowing arbitrary SQL command execution.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: TI WooCommerce Wishlist plugin for WordPress (versions up to 2.8.2)

No auth needed

Prerequisites: Python 3.x · requests library · vulnerable WordPress site with TI WooCommerce Wishlist plugin

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

github WORKING POC 2 stars

by adminlove520 · pythonpoc

https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2024/CVE-2024-43917

View Code ZIP pw:eip

The repository contains functional exploit code for multiple CVEs, including authentication bypass vulnerabilities in TOTOLINK devices and a scanner for Fortinet SSL VPN (CVE-2024-21762). The PoCs demonstrate the vulnerabilities with clear technical details and functional code.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: TOTOLINK LR350, TOTOLINK T6, Fortinet SSL VPN

No auth needed

Prerequisites: network access to the target device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Feb 27, 2026 Full analysis →

nomisec WORKING POC

by sug4r-wr41th · remote

https://github.com/sug4r-wr41th/CVE-2024-43917

View Code ZIP pw:eip

This repository contains a functional Python script that exploits CVE-2024-43917, an SQL injection vulnerability in the TI WooCommerce Wishlist WordPress plugin. The exploit sends crafted HTTP requests to inject SQL commands via the 'order' parameter in the wishlist API endpoint.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: TI WooCommerce Wishlist (WordPress plugin) <= 2.8.2

No auth needed

Prerequisites: Target must have the vulnerable plugin installed · Valid share key of the wish list

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

metasploit WORKING POC

by Rafie Muhammad, Valentin Lobstein · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wp_ti_woocommerce_wishlist_sqli.rb

View Code ZIP pw:eip

This Metasploit module exploits an unauthenticated SQL injection vulnerability in the TI WooCommerce Wishlist plugin (CVE-2024-43917) by retrieving a share key via bruteforce and then performing time-based blind SQL injection to extract user credentials.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: TI WooCommerce Wishlist plugin <= 2.8.2

No auth needed

Prerequisites: Target must have the vulnerable plugin installed and accessible

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 - SQL Injection

CRITICALVERIFIEDby iamnoooob,rootxharsh,pdresearch

FOFA: body="/wp-content/plugins/ti-woocommerce-wishlist/"

References (1)

Core 1

Core References

Third Party Advisory vdb-entry

https://patchstack.com/database/vulnerability/ti-woocommerce-wishlist/wordpress-ti-woocommerce-wishlist-plugin-2-8-2-sql-injection-vulnerability?_s_id=cve

Scores

CVSS v3 9.3

EPSS 0.2177

EPSS Percentile 97.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

VulnCheck KEV 2024-08-24

CWE

CWE-89

Status published

Products (2)

TemplateInvaders/TI WooCommerce Wishlist < 2.8.2

templateinvaders/ti_woocommerce_wishlist < 2.8.2

Published Aug 29, 2024

Tracked Since Feb 18, 2026