CVE-2022-1688

CVE-2022-1688: Note Press <= 0.1.10 - Admin+ SQLi via id

Vendor Unknown

Product Note Press

Weakness CWE-89 · SQLi

Published June 6, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections

Key dates

02Disclosure timeline

June 6, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1688 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-9837 itsourcecode Student Information Management System index.php sql injection CVE-2025-11663 Campcodes Online Beauty Parlor Management System manage-services.php sql injection CVE-2025-2041 s-a-zhd Ecommerce-Website-using-PHP shop.php sql injection CVE-2021-24626 Chameleon CSS <= 1.2 - Subscriber+ SQL Injection CVE-2025-7562 PHPGurukul Online Fire Reporting System new-requests.php sql injection