Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-7239 | 1 Jeroensormani | 1 Wp Dashboard Notes | 2025-06-09 | N/A | 7.5 HIGH |
| The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the post_id parameter in its wpdn_update_note AJAX action. This allows users with a role of contributor and above to update notes created by other users. | |||||
| CVE-2023-7198 | 1 Jeroensormani | 1 Wp Dashboard Notes | 2025-05-01 | N/A | 4.3 MEDIUM |
| The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to Insecure Direct Object References (IDOR) in post_id= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of least privilege and compromises the integrity and privacy of user data. | |||||