5 matches found
CVE-2023-7239
The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the postid parameter in its wpdnupdatenote AJAX action. This allows users with a role of contributor and above to update notes created by other users...
CVE-2023-7239
The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the postid parameter in its wpdnupdatenote AJAX action. This allows users with a role of contributor and above to update notes created by other users...
CVE-2023-7239 wp-dashboard-notes < 1.0.11 - Contributor+ Arbitrary Private Notes Update via IDOR
The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the postid parameter in its wpdnupdatenote AJAX action. This allows users with a role of contributor and above to update notes created by other users...
CVE-2023-7239 wp-dashboard-notes < 1.0.11 - Contributor+ Arbitrary Private Notes Update via IDOR
The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the postid parameter in its wpdnupdatenote AJAX action. This allows users with a role of contributor and above to update notes created by other users...
WordPress WP Dashboard Notes Plugin < 1.0.11 is vulnerable to Broken Access Control
Software WP Dashboard Notes Type Plugin Vulnerable versions 1.0.11 Fixed in 1.0.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-7239 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 48978b33e0d8 Credits Pedro Cuco Illex Required...