Aggregates CVE and security vulnerability intelligence across all datainterlock-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection, with potential vendor impact data exposure across vendor surface software deployment and vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-1690 | The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection | [email protected] | 2.7 | 0.25% | 2022-06-08 | 2024-11-21 |
| CVE-2022-1689 | The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection | [email protected] | 2.7 | 0.25% | 2022-06-08 | 2024-11-21 |
| CVE-2022-1688 | The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections | [email protected] | 2.7 | 0.25% | 2022-06-08 | 2024-11-21 |
| CVE-2017-18548 | The note-press plugin before 0.1.2 for WordPress has SQL injection. | [email protected] | 9.8 | 0.60% | 2019-08-16 | 2024-11-21 |