Skip to content
Verified reproduction

CVE-2026-54849: Premmerce Wishlist for WooCommerce unauthenticated SQL injection

CVE-2026-54849 is verified against the affected target vulnerability class: SQLi This critical reproduction includes runnable sandbox proof, artifacts, and a plain-text agent view under REPRO-2026-00251.

REPRO-2026-00251 SQLi Variant found Jul 6, 2026 .txt
Severity CRITICAL
Confidence HIGH
Reproduced in 27m 26s
Tool calls 177
Spend $3.23
$ pruva-verify REPRO-2026-00251
or curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00251/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh
Run in a VM or disposable container. This exploits a real vulnerability.
02 · The vulnerability

Unauthenticated SQL injection exists in Premmerce Wishlist for WooCommerce <= 1.1.11. Reproduce: install WordPress with the vulnerable plugin, send an unauthenticated request containing a SQL injection payload in the affected parameter, and observe database error or extract data.

03 · Root cause
Variant analysis
04 · Reproduction transcript

The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.

Loading session...

05 · Artifacts

Scripts, logs, diffs, and output captured during the reproduction.

bundle/artifact_promotion_manifest.json16.1 KB
bundle/logs/vuln_variant_reproduction.log10.1 KB
bundle/vuln_variant/source_identity.json3.0 KB
bundle/vuln_variant/root_cause_equivalence.json3.4 KB
bundle/repro/reproduction_steps.sh13.6 KB
bundle/repro/rca_report.md11.2 KB
bundle/repro/validation_verdict.json1.0 KB
bundle/repro/runtime_manifest.json1.3 KB
bundle/repro/artifacts/vuln_union_1.body4.6 KB
bundle/repro/artifacts/fixed_union_1.body4.1 KB
bundle/repro/artifacts/vuln_sleep_1.body4.6 KB
bundle/repro/artifacts/fixed_sleep_1.body4.1 KB
bundle/logs/reproduction_steps.log6.2 KB
bundle/repro/artifacts/fixed_sleep_2.body4.1 KB
bundle/repro/artifacts/fixed_union_2.body4.1 KB
bundle/repro/artifacts/vuln_sleep_2.body4.6 KB
bundle/repro/artifacts/vuln_union_2.body4.6 KB
bundle/vuln_variant/reproduction_steps.sh19.0 KB
bundle/vuln_variant/runtime_manifest.json2.3 KB
bundle/vuln_variant/validation_verdict.json2.0 KB
bundle/vuln_variant/artifacts/c1_vuln.body4.3 KB
bundle/vuln_variant/artifacts/c1_fixed.body3.8 KB
bundle/vuln_variant/artifacts/c3_vuln.body51.3 KB
bundle/vuln_variant/artifacts/c3_fixed.body49.7 KB
bundle/vuln_variant/rca_report.md14.4 KB
bundle/vuln_variant/patch_analysis.md9.3 KB
bundle/vuln_variant/variant_manifest.json6.6 KB
bundle/vuln_variant/artifacts/c0_fixed.body4.1 KB
bundle/vuln_variant/artifacts/c0_latest.body4.1 KB
bundle/vuln_variant/artifacts/c0_vuln.body4.6 KB
bundle/vuln_variant/artifacts/c1_latest.body3.8 KB
bundle/vuln_variant/artifacts/c2_fixed.body0.0 KB
bundle/vuln_variant/artifacts/c2_latest.body0.0 KB
bundle/vuln_variant/artifacts/c2_vuln.body0.0 KB
bundle/vuln_variant/artifacts/c3_latest.body49.7 KB