Skip to main content

Premmerce Wishlist For Woocommerce

1 CVEs product

Monthly

CVE-2026-54849 CRITICAL Act Now

SQL injection in the Premmerce Wishlist for WooCommerce WordPress plugin (versions 1.1.11 and earlier) lets remote unauthenticated attackers inject crafted SQL into backend database queries, per the CVSS PR:N vector. Reported by Patchstack and rated 9.3 (CVSS 3.1), it allows extraction of sensitive WordPress/WooCommerce data such as user records and credential hashes. There is no public exploit identified at time of analysis, it is not listed in CISA KEV, and no EPSS score was provided.

WordPress SQLi Premmerce Wishlist For Woocommerce
NVD
CVSS 3.1
9.3
EPSS
0.2%
EPSS 0% CVSS 9.3
CRITICAL Act Now

SQL injection in the Premmerce Wishlist for WooCommerce WordPress plugin (versions 1.1.11 and earlier) lets remote unauthenticated attackers inject crafted SQL into backend database queries, per the CVSS PR:N vector. Reported by Patchstack and rated 9.3 (CVSS 3.1), it allows extraction of sensitive WordPress/WooCommerce data such as user records and credential hashes. There is no public exploit identified at time of analysis, it is not listed in CISA KEV, and no EPSS score was provided.

WordPress SQLi Premmerce Wishlist For Woocommerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy