Lucene search
+L

37 matches found

RedhatCVE
RedhatCVE
added 2025/05/17 9:4 p.m.32 views

CVE-2023-7239

The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the postid parameter in its wpdnupdatenote AJAX action. This allows users with a role of contributor and above to update notes created by other users...

7.5CVSS6.7AI score0.00456EPSS
Exploits2References3
OSV
OSV
added 2025/05/15 8:15 p.m.6 views

CVE-2023-7239

The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the postid parameter in its wpdnupdatenote AJAX action. This allows users with a role of contributor and above to update notes created by other users...

7.5CVSS5.8AI score0.00456EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:9 p.m.13 views

CVE-2023-7239 wp-dashboard-notes < 1.0.11 - Contributor+ Arbitrary Private Notes Update via IDOR

The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the postid parameter in its wpdnupdatenote AJAX action. This allows users with a role of contributor and above to update notes created by other users...

7.5AI score0.00456EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/05/15 8:9 p.m.16 views

CVE-2023-7239 wp-dashboard-notes < 1.0.11 - Contributor+ Arbitrary Private Notes Update via IDOR

The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the postid parameter in its wpdnupdatenote AJAX action. This allows users with a role of contributor and above to update notes created by other users...

0.00456EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.5 views

WordPress plugin WP Dashboard Notes 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.5CVSS8.7AI score0.00456EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2024/08/12 10:15 p.m.5 views

CVE-2024-43226

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Jeroen Sormani WP Dashboard Notes allows Stored XSS.This issue affects WP Dashboard Notes: from n/a through 1.0.11...

6.5CVSS5.2AI score0.00245EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/12 9:12 p.m.16 views

CVE-2024-43226 WordPress WP Dashboard Notes plugin <= 1.0.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Jeroen Sormani WP Dashboard Notes allows Stored XSS.This issue affects WP Dashboard Notes: from n/a through 1.0.11...

6.5CVSS0.00245EPSS
Exploits0References1
CVE
CVE
added 2024/08/12 9:12 p.m.42 views

CVE-2024-43226

CVE-2024-43226 concerns WP Dashboard Notes for WordPress. The vulnerability is a Stored XSS due to improper input neutralization during web page generation, affecting WP Dashboard Notes versions n/a through 1.0.11. Root cause is insufficient sanitization of input that is later rendered in a page,...

6.5CVSS6.5AI score0.00245EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/08/12 12:0 a.m.6 views

WordPress plugin WP Dashboard Notes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.1AI score0.00245EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/08/09 12:52 p.m.6 views

WordPress WP Dashboard Notes plugin <= 1.0.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by justakazh Patchstack Alliance in WordPress Plugin WP Dashboard Notes versions = 1.0.11...

6.5CVSS6.1AI score0.00245EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/09 12:0 a.m.10 views

WordPress WP Dashboard Notes Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)

Software WP Dashboard Notes Type Plugin Vulnerable versions = 1.0.11 Fixed in 1.0.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43226 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 853d82c04c96 Credits justakazh Required privileg...

6.5CVSS6.6AI score0.00245EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/02/27 9:15 a.m.8 views

CVE-2023-7198

The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to Insecure Direct Object References IDOR in postid= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of...

4.3CVSS5.8AI score0.00402EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/02/27 8:30 a.m.13 views

CVE-2023-7198 WPDashboardNotes < 1.0.11 - Unauthorised Deletion of Private Notes

The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to Insecure Direct Object References IDOR in postid= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of...

6.3AI score0.00402EPSS
Exploits2References1
CVE
CVE
added 2024/02/27 8:30 a.m.9171 views

CVE-2023-7198

The WP Dashboard Notes WordPress plugin (versions

4.3CVSS6.5AI score0.00402EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2024/02/27 12:0 a.m.6 views

WordPress plugin WP Dashboard Notes security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

4.3CVSS6.7AI score0.00402EPSS
Exploits2References2
Patchstack
Patchstack
added 2024/02/27 12:0 a.m.17 views

WordPress WP Dashboard Notes Plugin < 1.0.11 is vulnerable to Insecure Direct Object References (IDOR)

Software WP Dashboard Notes Type Plugin Vulnerable versions 1.0.11 Fixed in 1.0.11 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-7198 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 493c887865e6 Credits Pedro Cuco...

6.5AI score0.00402EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2024/01/29 12:0 a.m.14 views

WordPress WP Dashboard Notes Plugin < 1.0.11 is vulnerable to Broken Access Control

Software WP Dashboard Notes Type Plugin Vulnerable versions 1.0.11 Fixed in 1.0.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-7239 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 48978b33e0d8 Credits Pedro Cuco Illex Required...

6.6AI score0.00456EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder