WP Dashboard Notes WordPress Plugin Post ID Vulnerability Allowing Note Updates by Contributors and Above

Vulnerability

A vulnerability exists in the WP Dashboard Notes WordPress plugin in versions prior to 1.0.11. The plugin's wpdn_update_note AJAX action does not verify that the requesting user is allowed to access the note identified by the post_id parameter. As a result, users with the contributor role or higher can modify notes created by other users.
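The missing check described above is an object-level authorization test on the supplied post_id. The following is an added illustration of such a check in a WordPress AJAX handler; it is not the plugin's source code or its actual patch, and the function name, nonce action, `content` field and `note` post type are assumptions.

```php
<?php
// Added example: hypothetical handler, not the plugin's own code.
// Assumed names: wpdn_example_update_note(), nonce action 'wpdn_example_nonce',
// request field 'content', and post type 'note'.

add_action( 'wp_ajax_wpdn_update_note', 'wpdn_example_update_note' );

function wpdn_example_update_note() {
	// A nonce only protects against CSRF; it does not authorize the caller.
	check_ajax_referer( 'wpdn_example_nonce', 'nonce' );

	$post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
	$post    = $post_id ? get_post( $post_id ) : null;

	// The ID must resolve to a note, not an arbitrary post or page.
	if ( ! $post || 'note' !== $post->post_type ) {
		wp_send_json_error( array( 'message' => 'Note not found.' ), 404 );
	}

	// Object-level check: may the current user edit *this* post?
	// For another user's note, a contributor fails this meta capability.
	if ( ! current_user_can( 'edit_post', $post_id ) ) {
		wp_send_json_error( array( 'message' => 'Not allowed to edit this note.' ), 403 );
	}

	$content = isset( $_POST['content'] )
		? wp_kses_post( wp_unslash( $_POST['content'] ) )
		: '';

	// wp_update_post() expects slashed input, so re-slash after sanitizing.
	$result = wp_update_post(
		array(
			'ID'           => $post_id,
			'post_content' => wp_slash( $content ),
		),
		true
	);

	if ( is_wp_error( $result ) ) {
		wp_send_json_error( array( 'message' => $result->get_error_message() ), 500 );
	}

	wp_send_json_success( array( 'post_id' => $post_id ) );
}
```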

Impact

Exploitation of this vulnerability allows users with a contributor role or above to update private notes belonging to other users without authorization, potentially leading to information manipulation or disclosure.

Remediation

Users are advised to update the WP Dashboard Notes WordPress plugin to version 1.0.11 or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 0.6
exploitability: 6.8
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.