
4 vulnerabilities by datainterlock

CVE-2022-1690 (GCVE-0-2022-1690)

Vulnerability from cvelistv5 – Published: 2022-06-06 08:51 – Updated: 2024-08-03 00:10
Title
Note Press <= 0.1.10 - Admin+ SQLi via Bulk Actions
Summary
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
Unknown Note Press Affected: 0.1.10 , ≤ 0.1.10 (custom)
Credits
Daniel Krohmer (Fraunhofer IESE) Shi Chen (University of Kaiserslautern)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:03.752Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/54e16f0a-667c-44ea-98ad-0306c4a35d9d"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bulletin.iese.de/post/note-press_0-1-10_3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Note Press",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThanOrEqual": "0.1.10",
              "status": "affected",
              "version": "0.1.10",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Daniel Krohmer (Fraunhofer IESE)"
        },
        {
          "lang": "en",
          "value": "Shi Chen (University of Kaiserslautern)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-06T08:51:26.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/54e16f0a-667c-44ea-98ad-0306c4a35d9d"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bulletin.iese.de/post/note-press_0-1-10_3"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Note Press \u003c= 0.1.10 - Admin+ SQLi via Bulk Actions",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2022-1690",
          "STATE": "PUBLIC",
          "TITLE": "Note Press \u003c= 0.1.10 - Admin+ SQLi via Bulk Actions"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Note Press",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "0.1.10",
                            "version_value": "0.1.10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Daniel Krohmer (Fraunhofer IESE)"
          },
          {
            "lang": "eng",
            "value": "Shi Chen (University of Kaiserslautern)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/54e16f0a-667c-44ea-98ad-0306c4a35d9d",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/54e16f0a-667c-44ea-98ad-0306c4a35d9d"
            },
            {
              "name": "https://bulletin.iese.de/post/note-press_0-1-10_3",
              "refsource": "MISC",
              "url": "https://bulletin.iese.de/post/note-press_0-1-10_3"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-1690",
    "datePublished": "2022-06-06T08:51:26.000Z",
    "dateReserved": "2022-05-12T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:10:03.752Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1689 (GCVE-0-2022-1689)

Vulnerability from cvelistv5 – Published: 2022-06-06 08:51 – Updated: 2024-08-03 00:10
Title
Note Press <= 0.1.10 - Admin+ SQLi via Update
Summary
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
Unknown Note Press Affected: 0.1.10 , ≤ 0.1.10 (custom)
Credits
Daniel Krohmer (Fraunhofer IESE) Shi Chen (University of Kaiserslautern)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:03.847Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/982f84a1-216d-41ed-87bd-433b695cec28"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bulletin.iese.de/post/note-press_0-1-10_2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Note Press",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThanOrEqual": "0.1.10",
              "status": "affected",
              "version": "0.1.10",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Daniel Krohmer (Fraunhofer IESE)"
        },
        {
          "lang": "en",
          "value": "Shi Chen (University of Kaiserslautern)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-06T08:51:24.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/982f84a1-216d-41ed-87bd-433b695cec28"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bulletin.iese.de/post/note-press_0-1-10_2"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Note Press \u003c= 0.1.10 - Admin+ SQLi via Update",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2022-1689",
          "STATE": "PUBLIC",
          "TITLE": "Note Press \u003c= 0.1.10 - Admin+ SQLi via Update"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Note Press",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "0.1.10",
                            "version_value": "0.1.10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Daniel Krohmer (Fraunhofer IESE)"
          },
          {
            "lang": "eng",
            "value": "Shi Chen (University of Kaiserslautern)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/982f84a1-216d-41ed-87bd-433b695cec28",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/982f84a1-216d-41ed-87bd-433b695cec28"
            },
            {
              "name": "https://bulletin.iese.de/post/note-press_0-1-10_2",
              "refsource": "MISC",
              "url": "https://bulletin.iese.de/post/note-press_0-1-10_2"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-1689",
    "datePublished": "2022-06-06T08:51:24.000Z",
    "dateReserved": "2022-05-12T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:10:03.847Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1688 (GCVE-0-2022-1688)

Vulnerability from cvelistv5 – Published: 2022-06-06 08:51 – Updated: 2024-08-03 00:10
Title
Note Press <= 0.1.10 - Admin+ SQLi via id
Summary
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statements via the admin dashboard, leading to SQL injections.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
Unknown Note Press Affected: 0.1.10 , ≤ 0.1.10 (custom)
Credits
Daniel Krohmer (Fraunhofer IESE) Shi Chen (University of Kaiserslautern)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:03.815Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/63d4444b-9b04-47f5-a692-c6c6c8ea7d92"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bulletin.iese.de/post/note-press_0-1-10_1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Note Press",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThanOrEqual": "0.1.10",
              "status": "affected",
              "version": "0.1.10",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Daniel Krohmer (Fraunhofer IESE)"
        },
        {
          "lang": "en",
          "value": "Shi Chen (University of Kaiserslautern)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-06T08:51:23.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/63d4444b-9b04-47f5-a692-c6c6c8ea7d92"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bulletin.iese.de/post/note-press_0-1-10_1"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Note Press \u003c= 0.1.10 - Admin+ SQLi via id",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2022-1688",
          "STATE": "PUBLIC",
          "TITLE": "Note Press \u003c= 0.1.10 - Admin+ SQLi via id"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Note Press",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "0.1.10",
                            "version_value": "0.1.10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Daniel Krohmer (Fraunhofer IESE)"
          },
          {
            "lang": "eng",
            "value": "Shi Chen (University of Kaiserslautern)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/63d4444b-9b04-47f5-a692-c6c6c8ea7d92",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/63d4444b-9b04-47f5-a692-c6c6c8ea7d92"
            },
            {
              "name": "https://bulletin.iese.de/post/note-press_0-1-10_1",
              "refsource": "MISC",
              "url": "https://bulletin.iese.de/post/note-press_0-1-10_1"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-1688",
    "datePublished": "2022-06-06T08:51:23.000Z",
    "dateReserved": "2022-05-12T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:10:03.815Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-18548 (GCVE-0-2017-18548)

Vulnerability from cvelistv5 – Published: 2019-08-16 13:42 – Updated: 2024-08-05 21:28
Summary
The note-press plugin before 0.1.2 for WordPress has SQL injection.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:28:55.180Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/note-press/#developers"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The note-press plugin before 0.1.2 for WordPress has SQL injection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-16T13:42:38.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/plugins/note-press/#developers"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-18548",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The note-press plugin before 0.1.2 for WordPress has SQL injection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wordpress.org/plugins/note-press/#developers",
              "refsource": "MISC",
              "url": "https://wordpress.org/plugins/note-press/#developers"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-18548",
    "datePublished": "2019-08-16T13:42:38.000Z",
    "dateReserved": "2019-08-16T00:00:00.000Z",
    "dateUpdated": "2024-08-05T21:28:55.180Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}