Note Press <= 0.1.10 is vulnerable to Authenticated SQL Injection (SQLi)

Administrator
Published: 2022-05-11

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection.

CVSS score: 6.6

Severity: Medium

Version: 0.1.10

The plugin vendor has not patched this vulnerability at the moment.
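
The description above says the bulk-action ids reach a SQL statement without being sanitised or escaped. The following is an added example of how a bulk-action handler on a WordPress admin page can handle such ids safely; it is not the Note Press code, and the function name, nonce action, request field and table name are assumptions made for illustration. It is meant to run inside WordPress, where `$wpdb` and the helper functions are available.

```php
<?php
// Added example: hypothetical bulk-delete handler for a WordPress admin page.
// Function name, nonce action, request field and table name are assumptions,
// not taken from the Note Press source.

function example_bulk_delete_notes() {
    global $wpdb;

    // Only privileged users, and only with a valid nonce for this form.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    check_admin_referer( 'example_bulk_notes' ); // assumed nonce action

    // Bulk-action checkboxes arrive as an array of request values.
    $raw = isset( $_POST['ids'] ) ? (array) wp_unslash( $_POST['ids'] ) : array();

    // Unsafe pattern (the class of bug described above): placing
    // implode( ',', $raw ) directly inside the IN ( ... ) list.

    // Keep scalar values only, coerce each to a non-negative integer,
    // then drop zeros and duplicates.
    $ids = array_map( 'absint', array_filter( $raw, 'is_scalar' ) );
    $ids = array_values( array_unique( array_filter( $ids ) ) );
    if ( empty( $ids ) ) {
        return 0; // nothing valid to act on
    }

    $table = $wpdb->prefix . 'example_notes'; // assumed table name

    // One %d placeholder per id; the values are bound by prepare()
    // and never concatenated into the statement.
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    $sql          = $wpdb->prepare(
        "DELETE FROM {$table} WHERE id IN ( {$placeholders} )",
        $ids
    );

    // query() returns the number of affected rows, or false on error.
    return (int) $wpdb->query( $sql );
}
```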