10 matches found
EUVD-2024-40121
Malicious code in bioql PyPI...
CVE-2024-43226
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Jeroen Sormani WP Dashboard Notes allows Stored XSS.This issue affects WP Dashboard Notes: from n/a through 1.0.11...
CVE-2023-7239
The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the postid parameter in its wpdnupdatenote AJAX action. This allows users with a role of contributor and above to update notes created by other users...
CVE-2023-7239 wp-dashboard-notes < 1.0.11 - Contributor+ Arbitrary Private Notes Update via IDOR
The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the postid parameter in its wpdnupdatenote AJAX action. This allows users with a role of contributor and above to update notes created by other users...
CVE-2023-7239 wp-dashboard-notes < 1.0.11 - Contributor+ Arbitrary Private Notes Update via IDOR
The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the postid parameter in its wpdnupdatenote AJAX action. This allows users with a role of contributor and above to update notes created by other users...
CVE-2024-43226
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Jeroen Sormani WP Dashboard Notes allows Stored XSS.This issue affects WP Dashboard Notes: from n/a through 1.0.11...
CVE-2024-43226
CVE-2024-43226 concerns WP Dashboard Notes for WordPress. The vulnerability is a Stored XSS due to improper input neutralization during web page generation, affecting WP Dashboard Notes versions n/a through 1.0.11. Root cause is insufficient sanitization of input that is later rendered in a page,...
CVE-2023-7198
The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to Insecure Direct Object References IDOR in postid= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of...
CVE-2023-7198 WPDashboardNotes < 1.0.11 - Unauthorised Deletion of Private Notes
The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to Insecure Direct Object References IDOR in postid= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of...
CVE-2023-7198
The WP Dashboard Notes WordPress plugin (versions