CVE-2023-7198

Published: Feb 27, 2024Modified: May 1, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to Insecure Direct Object References (IDOR) in post_id= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of least privilege and compromises the integrity and privacy of user data.

Affected (1)

Products: Jeroensormani: Wp Dashboard Notes

1 product

Wp Dashboard Notes

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jeroensormani Wp Dashboard Notes	Before 1.0.11

Related CWEs

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://wpscan.com/vulnerability/75fbee63-d622-441f-8675-082907b0b1e6/

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/75fbee63-d622-441f-8675-082907b0b1e6/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.