Source: wpexploit
Author: Pedro Cuco (Illex)
WPEX-ID: 75FBEE63-D622-441F-8675-082907B0B1E6
History: Feb 02, 2024 - 12:00 a.m.

WPDashboardNotes < 1.0.11 - Unauthorised Deletion of Private Notes

Published: 2024-02-02 00:00:00
Author: Pedro Cuco (Illex)
Tags: wpdashboardnotes, unauthorised deletion, private notes, exploit, security issue, post id manipulation

AI Score: 6.7 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.0%)

Description

The plugin is vulnerable to an Insecure Direct Object Reference (IDOR) in the post_id= parameter of its note-deletion request. Any authenticated user is able to delete private notes belonging to other user accounts. This is a significant security risk: it violates the principle of least privilege and compromises the integrity and privacy of user data.

After creating a note of their own, the attacker uses the delete option, intercepts the resulting request and changes post_id= to the ID of the victim's note.

action=wpdn_delete_note&post_id=<ID-TO-DELETE>&nonce=1aa16d2949
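To show where this class of defect sits and how it is fixed, here is an illustrative WordPress AJAX handler written for this page; it is not the plugin's code. The action name wpdn_delete_note comes from the request above, while the function names, the nonce action 'wpdn_nonce' and the post type 'wpdn_note' are assumptions made for the example.

```php
<?php
// Illustrative WordPress AJAX handler for a note-deletion action such as the
// wpdn_delete_note action named in the advisory. NOT the plugin's code: the
// function names, the 'wpdn_nonce' nonce action and the 'wpdn_note' post type
// are assumptions for this example.

// IDOR-prone pattern: a valid nonce only proves the request was issued from a
// page served to some logged-in user. Nothing ties post_id to that user, so a
// caller can delete any note simply by changing post_id.
function example_delete_note_vulnerable() {
    check_ajax_referer( 'wpdn_nonce', 'nonce' );
    $post_id = absint( $_POST['post_id'] ?? 0 );
    wp_delete_post( $post_id, true );
    wp_send_json_success();
}

// Hardened pattern: after the nonce check, confirm that the object exists, is
// of the expected type and is owned by the caller (or that the caller holds a
// capability allowing deletion of others' notes) before acting on it.
function example_delete_note_hardened() {
    check_ajax_referer( 'wpdn_nonce', 'nonce' );

    $post_id = absint( $_POST['post_id'] ?? 0 );
    $note    = $post_id ? get_post( $post_id ) : null;

    // Reject unknown IDs and IDs that point at a different post type, so the
    // handler cannot be used to delete arbitrary posts either.
    if ( ! $note || 'wpdn_note' !== $note->post_type ) {
        wp_send_json_error( 'Note not found.', 404 );
    }

    // Object-level authorisation, which is the missing check behind the IDOR.
    // The capability fallback lets roles with delete_others_posts-style rights
    // (as mapped by the post type's capabilities) manage notes they do not own.
    if ( (int) $note->post_author !== get_current_user_id()
         && ! current_user_can( 'delete_post', $post_id ) ) {
        wp_send_json_error( 'Not allowed.', 403 );
    }

    wp_delete_post( $post_id, true );
    wp_send_json_success();
}

// Logged-in AJAX endpoint for the action name used in the advisory's request.
add_action( 'wp_ajax_wpdn_delete_note', 'example_delete_note_hardened' );
```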

