Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2

Critical0

High1

Medium1

Search Severity Year Type Sort Order

Reset

Showing 1-2 of 2 records

Threat Entry Updated 2025-06-09

CVE-2023-7239 - Wp Dashboard Notes Plugin

The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the post_id parameter in its wpdn_update_note AJAX action. This allows users with a role of contributor and above to update notes created by other users.

PLUGIN Wp Dashboard Notes

CVE-2023-7239

HIGH CVSS 7.5 2025-05-15

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-05-01

CVE-2023-7198 - Wp Dashboard Notes Plugin

The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to Insecure Direct Object References (IDOR) in post_id= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of least privilege and compromises the integrity and privacy of user data.

PLUGIN Wp Dashboard Notes

CVE-2023-7198

MEDIUM CVSS 4.3 2024-02-27

Risk Score

Open Full Technical Breakdown

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2023-7239 - Wp Dashboard Notes Plugin

CVE-2023-7198 - Wp Dashboard Notes Plugin

Company Links

Contact Us