Vulnerability Description
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statements via the admin dashboard, leading to SQL injections.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Datainterlock | Note Press | <= 0.1.10 |
Related Weaknesses (CWE)
References
- https://bulletin.iese.de/post/note-press_0-1-10_1 (Exploit, Third Party Advisory)
- https://wpscan.com/vulnerability/63d4444b-9b04-47f5-a692-c6c6c8ea7d92 (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-1688?
CVE-2022-1688 is a vulnerability with a CVSS score of 2.7 (LOW). The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statements via the admin dashboard, leading to SQL injections.
How severe is CVE-2022-1688?
CVE-2022-1688 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-1688?
Check the references section above for vendor advisories and patch information. Affected products include: Datainterlock Note Press.