← Back

Jeroensormani

jeroensormani

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Wp Dashboard Notes
wp_dashboard_notes
2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-7239
1Jeroensormani
1Wp Dashboard Notes
Jun 9, 2025
May 15, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the post_id parameter in its wpdn_update_note AJAX action. This allows users with a role of contributor and above to upd...Show more
The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the post_id parameter in its wpdn_update_note AJAX action. This allows users with a role of contributor and above to update notes created by other users.Show less
CVE-2023-7198
1Jeroensormani
1Wp Dashboard Notes
May 1, 2025
Feb 27, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to Insecure Direct Object References (IDOR) in post_id= parameter. Authenticated users are able to delete private notes associated with different user a...Show more
The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to Insecure Direct Object References (IDOR) in post_id= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of least privilege and compromises the integrity and privacy of user data.Show less