PT-2024-15223 · WordPress · Wp Dashboard Notes

Illex

Published: 2024-02-27 · Updated: 2025-05-01

CVE-2023-7198

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WP Dashboard Notes WordPress plugin versions prior to 1.0.11

Description

The issue allows authenticated users to delete private notes associated with different user accounts due to Insecure Direct Object References (IDOR) in the post id= parameter. This poses a significant security risk as it violates the principle of least privilege and compromises the integrity and privacy of user data.

Recommendations

For versions prior to 1.0.11, update to version 1.0.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the post id= parameter to prevent unauthorized deletion of private notes.
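
The server-side ownership check that prevents this class of IDOR, shown as an added example: it is not the plugin's code or its 1.0.11 patch. The action name, nonce name, `note_id` request field and `example_note` post type are hypothetical, and the file is assumed to be loaded by WordPress as part of a plugin.

```php
<?php
// Added example: hypothetical delete handler, not WP Dashboard Notes' own code.
// 'example_delete_note', 'example_note_nonce', the 'note_id' field and the
// 'example_note' post type are assumed names for illustration.

add_action( 'wp_ajax_example_delete_note', 'example_delete_note' );

function example_delete_note() {
	// Reject requests without a valid nonce (CSRF protection); dies on failure.
	check_ajax_referer( 'example_note_nonce', 'nonce' );

	// Treat the client-supplied id as untrusted input.
	$note_id = isset( $_POST['note_id'] ) ? absint( $_POST['note_id'] ) : 0;
	$note    = $note_id ? get_post( $note_id ) : null;

	// The id must reference an existing note, not an arbitrary post.
	if ( ! $note || 'example_note' !== $note->post_type ) {
		wp_send_json_error( array( 'message' => 'Note not found.' ), 404 );
	}

	// The check an IDOR lacks: tie the referenced object to the requester.
	$is_owner = (int) $note->post_author === get_current_user_id();

	// Private notes can be deleted only by their author. Answer exactly as
	// for a missing note so that ids cannot be probed for existence.
	if ( 'private' === $note->post_status && ! $is_owner ) {
		wp_send_json_error( array( 'message' => 'Note not found.' ), 404 );
	}

	// Non-private notes: the author, or a role that WordPress maps to the
	// delete_post meta capability for this specific post.
	if ( ! $is_owner && ! current_user_can( 'delete_post', $note_id ) ) {
		wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
	}

	if ( ! wp_delete_post( $note_id, true ) ) {
		wp_send_json_error( array( 'message' => 'Delete failed.' ), 500 );
	}
	wp_send_json_success( array( 'deleted' => $note_id ) );
}
```

Being logged in (PR:L in the vector above) is never sufficient on its own: every request that names an object by id has to be authorized against that object.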

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2023-7198

Affected Products

Wp Dashboard Notes