CVE Vulnerability

CVE-2022-1688

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections

4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

2.7 /10

CVSS v3.0 : LOW

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://wpscan.com/vulnerability/63d4444b-9b04-47f5-a692-c6c6c8ea7d92 Exploit Third Party Advisory
https://bulletin.iese.de/post/note-press_0-1-10_1 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:datainterlock:note_press:*:*:*:*:*:wordpress:*:*
Information

Published : 2022-06-08 10:15

Updated : 2022-06-15 07:00

NVD link : CVE-2022-1688

Mitre link : CVE-2022-1688

Products Affected
No products.
CWE
CWE-89