Количество 2
Количество 2
CVE-2023-7239
The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the post_id parameter in its wpdn_update_note AJAX action. This allows users with a role of contributor and above to update notes created by other users.
GHSA-928r-3p4g-rrxw
The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the post_id parameter in its wpdn_update_note AJAX action. This allows users with a role of contributor and above to update notes created by other users.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-7239 The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the post_id parameter in its wpdn_update_note AJAX action. This allows users with a role of contributor and above to update notes created by other users. | CVSS3: 7.5 | 0% Низкий | 9 месяцев назад |
| GHSA-928r-3p4g-rrxw The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the post_id parameter in its wpdn_update_note AJAX action. This allows users with a role of contributor and above to update notes created by other users. | CVSS3: 7.5 | 0% Низкий | 9 месяцев назад |
Уязвимостей на страницу