exploitDog

GHSA-r5jm-8rmg-j57w

Опубликовано: 09 июн. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 2.7

Описание

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection

Ссылки

EPSS

Процентиль: 40%

0.00181

Низкий

2.7 Low

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2022-1690

CVSS3: 2.7

nvd

больше 3 лет назад

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection

EPSS

Процентиль: 40%

0.00181

Низкий

2.7 Low

CVSS3

CVE ID

Дефекты

CWE-89