CVE-2022-1690

CVE-2022-1690: Note Press <= 0.1.10 - Admin+ SQLi via Bulk Actions

Vendor Unknown
Product Note Press
Weakness CWE-89 · SQLi
Published June 6, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection

Key dates

02Disclosure timeline

June 6, 2022 CVE published
August 3, 2024 Record updated