CVE-2022-1690

CWE-89 — SQL Injection CWE-119 — Buffer Overflow5 documents5 sources

Severity

2.7LOW

EPSS

0.2%

top 60.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Note Press Datainterlock Note Press

Timeline

PublishedJun 8

Latest updateDec 27

Description

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5unknown/note_press0.1.10 — 0.1.10

▶NVDdatainterlock/note_press0.1.10

🔴Vulnerability Details

GHSA

GHSA-r5jm-8rmg-j57w: The Note Press WordPress plugin through 0↗2022-06-09

▶

CVEList

Note Press <= 0.1.10 - Admin+ SQLi via Bulk Actions↗2022-06-06

▶

📋Vendor Advisories

CISA

Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability↗2022-03-28

▶

🕵️Threat Intelligence

Wiz

CVE-2022-47939 critical vulnerability in Linux kernel `ksmbd` module: everything you need to know | Wiz Blog↗2022-12-27

▶