CVE-2023-7239 wp-dashboard-notes < 1.0.11 - Contributor+ Arbitrary Private Notes Update via IDOR

The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the postid parameter in its wpdnupdatenote AJAX action. This allows users with a role of contributor and above to update notes created by other users...