CVE-2026-54849
Premmerce · Wishlist for WooCommerce
Premmerce Wishlist for WooCommerce contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries.
Executive summary
A critical unauthenticated SQL injection vulnerability in Premmerce Wishlist for WooCommerce poses a severe risk of full database compromise.
Vulnerability
This is an SQL injection vulnerability occurring in the plugin's data processing logic. An unauthenticated remote attacker can inject malicious SQL commands to bypass security controls and access sensitive data.
Business impact
The ability for an unauthenticated user to execute arbitrary SQL queries represents a critical threat to business operations. Successful exploitation could lead to the total exfiltration of customer data, unauthorized administrative access, or complete site takeover, justifying the 9.3 CVSS score.
Remediation
Immediate Action: Update the Premmerce Wishlist for WooCommerce plugin to the latest available version to patch the injection vector.
Proactive Monitoring: Review web server and database logs for anomalous query patterns, specifically those containing SQL syntax characters or unexpected union-based requests.
Compensating Controls: Deploy a Web Application Firewall (WAF) with updated rulesets to detect and block common SQL injection patterns targeting WordPress plugins.
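One way to carry out the log review under Proactive Monitoring, as an added example that is not part of the advisory or the plugin's code: a Python scan of web server access logs (Combined Log Format assumed) for query strings containing UNION-based or other SQL syntax. The indicator patterns are heuristics chosen for this example, and the sample log lines, paths and the parameter name example_param are constructed placeholders, not the plugin's real endpoint.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Combined Log Format prefix: client, timestamp, method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Heuristics for the patterns the advisory names (SQL syntax, UNION-based requests).
INDICATORS = {
    "union_select": re.compile(r"\bunion\b.{0,40}?\bselect\b", re.I | re.S),
    "quote_then_sql": re.compile(r"['\"]\s*(?:or|and|union)\b", re.I),
    "inline_comment": re.compile(r"/\*.*?\*/|--(?:\s|$)", re.S),
}

def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is still inspected."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return one finding per log line whose query string matches an indicator."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LOG_RE.match(line)
        if not match:
            continue  # not an access-log line; skip rather than guess
        client, when, method, target, status = match.groups()
        query = decode(urlsplit(target).query)
        hits = sorted(name for name, rx in INDICATORS.items() if rx.search(query))
        if hits:
            findings.append({"line": number, "client": client, "time": when,
                             "status": int(status), "indicators": hits})
    return findings

# Constructed sample lines; paths and parameter names are placeholders.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2026:10:01:22 +0000] "GET /shop/?orderby=price HTTP/1.1" 200 5120',
    '198.51.100.23 - - [12/Mar/2026:10:02:05 +0000] "GET /?example_param=1%20UNION%20SELECT%20NULL--%20 HTTP/1.1" 200 812',
    '198.51.100.23 - - [12/Mar/2026:10:02:09 +0000] "GET /?example_param=1%2527%2520or%25201%253D1 HTTP/1.1" 500 0',
    '203.0.113.7 - - [12/Mar/2026:10:03:40 +0000] "GET /?s=men%27s+jackets HTTP/1.1" 200 4301',
    'truncated or non-HTTP line',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Access logs record only the request line, so input sent in POST bodies will not appear here; database or WAF logs are needed to cover those requests.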
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Given the critical nature of unauthenticated SQL injection, immediate patching is required to prevent unauthorized data access. Security teams should prioritize this update across all affected WordPress environments to mitigate the risk of a high-impact breach.