Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by datainterlock
CVE-2022-1690 (GCVE-0-2022-1690)
Vulnerability from cvelistv5 – Published: 2022-06-06 08:51 – Updated: 2024-08-03 00:10
VLAI?
Title
Note Press <= 0.1.10 - Admin+ SQLi via Bulk Actions
Summary
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Note Press |
Affected:
0.1.10 , ≤ 0.1.10
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/54e16f0a-667c-44ea-98ad-0306c4a35d9d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bulletin.iese.de/post/note-press_0-1-10_3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Note Press",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "0.1.10",
"status": "affected",
"version": "0.1.10",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Krohmer (Fraunhofer IESE)"
},
{
"lang": "en",
"value": "Shi Chen (University of Kaiserslautern)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T08:51:26.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/54e16f0a-667c-44ea-98ad-0306c4a35d9d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bulletin.iese.de/post/note-press_0-1-10_3"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Note Press \u003c= 0.1.10 - Admin+ SQLi via Bulk Actions",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1690",
"STATE": "PUBLIC",
"TITLE": "Note Press \u003c= 0.1.10 - Admin+ SQLi via Bulk Actions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Note Press",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0.1.10",
"version_value": "0.1.10"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Krohmer (Fraunhofer IESE)"
},
{
"lang": "eng",
"value": "Shi Chen (University of Kaiserslautern)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/54e16f0a-667c-44ea-98ad-0306c4a35d9d",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/54e16f0a-667c-44ea-98ad-0306c4a35d9d"
},
{
"name": "https://bulletin.iese.de/post/note-press_0-1-10_3",
"refsource": "MISC",
"url": "https://bulletin.iese.de/post/note-press_0-1-10_3"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1690",
"datePublished": "2022-06-06T08:51:26.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1689 (GCVE-0-2022-1689)
Vulnerability from cvelistv5 – Published: 2022-06-06 08:51 – Updated: 2024-08-03 00:10
VLAI?
Title
Note Press <= 0.1.10 - Admin+ SQLi via Update
Summary
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Note Press |
Affected:
0.1.10 , ≤ 0.1.10
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/982f84a1-216d-41ed-87bd-433b695cec28"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bulletin.iese.de/post/note-press_0-1-10_2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Note Press",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "0.1.10",
"status": "affected",
"version": "0.1.10",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Krohmer (Fraunhofer IESE)"
},
{
"lang": "en",
"value": "Shi Chen (University of Kaiserslautern)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T08:51:24.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/982f84a1-216d-41ed-87bd-433b695cec28"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bulletin.iese.de/post/note-press_0-1-10_2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Note Press \u003c= 0.1.10 - Admin+ SQLi via Update",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1689",
"STATE": "PUBLIC",
"TITLE": "Note Press \u003c= 0.1.10 - Admin+ SQLi via Update"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Note Press",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0.1.10",
"version_value": "0.1.10"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Krohmer (Fraunhofer IESE)"
},
{
"lang": "eng",
"value": "Shi Chen (University of Kaiserslautern)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/982f84a1-216d-41ed-87bd-433b695cec28",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/982f84a1-216d-41ed-87bd-433b695cec28"
},
{
"name": "https://bulletin.iese.de/post/note-press_0-1-10_2",
"refsource": "MISC",
"url": "https://bulletin.iese.de/post/note-press_0-1-10_2"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1689",
"datePublished": "2022-06-06T08:51:24.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1688 (GCVE-0-2022-1688)
Vulnerability from cvelistv5 – Published: 2022-06-06 08:51 – Updated: 2024-08-03 00:10
VLAI?
Title
Note Press <= 0.1.10 - Admin+ SQLi via id
Summary
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Note Press |
Affected:
0.1.10 , ≤ 0.1.10
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/63d4444b-9b04-47f5-a692-c6c6c8ea7d92"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bulletin.iese.de/post/note-press_0-1-10_1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Note Press",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "0.1.10",
"status": "affected",
"version": "0.1.10",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Krohmer (Fraunhofer IESE)"
},
{
"lang": "en",
"value": "Shi Chen (University of Kaiserslautern)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T08:51:23.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/63d4444b-9b04-47f5-a692-c6c6c8ea7d92"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bulletin.iese.de/post/note-press_0-1-10_1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Note Press \u003c= 0.1.10 - Admin+ SQLi via id",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1688",
"STATE": "PUBLIC",
"TITLE": "Note Press \u003c= 0.1.10 - Admin+ SQLi via id"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Note Press",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0.1.10",
"version_value": "0.1.10"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Krohmer (Fraunhofer IESE)"
},
{
"lang": "eng",
"value": "Shi Chen (University of Kaiserslautern)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/63d4444b-9b04-47f5-a692-c6c6c8ea7d92",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/63d4444b-9b04-47f5-a692-c6c6c8ea7d92"
},
{
"name": "https://bulletin.iese.de/post/note-press_0-1-10_1",
"refsource": "MISC",
"url": "https://bulletin.iese.de/post/note-press_0-1-10_1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1688",
"datePublished": "2022-06-06T08:51:23.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18548 (GCVE-0-2017-18548)
Vulnerability from cvelistv5 – Published: 2019-08-16 13:42 – Updated: 2024-08-05 21:28
VLAI?
Summary
The note-press plugin before 0.1.2 for WordPress has SQL injection.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:28:55.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/note-press/#developers"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The note-press plugin before 0.1.2 for WordPress has SQL injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-16T13:42:38.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/note-press/#developers"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The note-press plugin before 0.1.2 for WordPress has SQL injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/note-press/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/note-press/#developers"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18548",
"datePublished": "2019-08-16T13:42:38.000Z",
"dateReserved": "2019-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:28:55.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}