Vulnerability Details CVE-2023-7198
The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to Insecure Direct Object References (IDOR) in post_id= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of least privilege and compromises the integrity and privacy of user data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.6%
CVSS Severity
CVSS v3 Score 4.3
References
Products affected by CVE-2023-7198
-
cpe:2.3:a:jeroensormani:wp_dashboard_notes:1.0.0
-
cpe:2.3:a:jeroensormani:wp_dashboard_notes:1.0.1
-
cpe:2.3:a:jeroensormani:wp_dashboard_notes:1.0.10
-
cpe:2.3:a:jeroensormani:wp_dashboard_notes:1.0.2
-
cpe:2.3:a:jeroensormani:wp_dashboard_notes:1.0.3
-
cpe:2.3:a:jeroensormani:wp_dashboard_notes:1.0.4
-
cpe:2.3:a:jeroensormani:wp_dashboard_notes:1.0.5
-
cpe:2.3:a:jeroensormani:wp_dashboard_notes:1.0.6
-
cpe:2.3:a:jeroensormani:wp_dashboard_notes:1.0.7
-
cpe:2.3:a:jeroensormani:wp_dashboard_notes:1.0.8
-
cpe:2.3:a:jeroensormani:wp_dashboard_notes:1.0.8.1
-
cpe:2.3:a:jeroensormani:wp_dashboard_notes:1.0.8.2
-
cpe:2.3:a:jeroensormani:wp_dashboard_notes:1.0.9