Please be aware that there is an SQL Injection vulnerability affecting the YITH WooCommerce Wishlist plugin for WordPress. This plugin allows visitors and potential customers to make wish lists containing products in the WooCommerce store and is currently installed on more than 500,000 websites.

This vulnerability is caused by the lack of sanitization of user-provided data in versions below 2.2.0. An attacker (with at least a subscriber account) could leak sensitive data, and in certain configurations could compromise your entire WordPress installation.

Please note that this is easily exploited in servers running MySQL versions before 5.7.

Security Risk: Dangerous

Exploitation Level: Easy/Remote

Vulnerability: SQL Injection

Patched Version: 2.2.0

Patch this vulnerability immediately!

Patched version 2.2.0 is available here