PT-2025-21387 · WordPress · Wp Dashboard Notes

Pedro Cuco · Published 2025-05-15 · Updated 2025-06-09 · CVE-2023-7239
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: WP Dashboard Notes versions prior to 1.0.11
Description: The WP Dashboard Notes WordPress plugin does not validate that the requesting user has access to the note identified by the post_id parameter in its wpdn_update_note AJAX action. This allows users with a role of contributor and above to update notes created by other users.
Recommendations: For versions prior to 1.0.11, update to version 1.0.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the wpdn_update_note AJAX action to prevent unauthorized note updates.
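
One way to apply the temporary workaround is a must-use plugin that runs before the plugin's own handler and rejects the request unless the caller owns the note or may edit it. This is an added example, not code from WP Dashboard Notes or from this advisory. It assumes the note ID is sent as post_id in GET or POST and that notes are stored as ordinary posts; the function name example_wpdn_guard_update_note is hypothetical.

```php
<?php
/**
 * Added example (not WP Dashboard Notes code): guard for the
 * wpdn_update_note AJAX action until the plugin is updated to 1.0.11+.
 * Assumptions: the note ID arrives as post_id, and notes are stored as
 * posts, so post_author and the 'edit_post' meta capability apply.
 */

// Priority 0 runs before the plugin's own handler (default priority 10).
// wp_ajax_* hooks fire only for logged-in users.
add_action( 'wp_ajax_wpdn_update_note', 'example_wpdn_guard_update_note', 0 );

function example_wpdn_guard_update_note() {
	// Check every place the handler could read the ID from, so a request
	// carrying different values in GET and POST cannot slip past the guard.
	$ids = array();
	foreach ( array( $_GET, $_POST ) as $source ) {
		if ( isset( $source['post_id'] ) && is_scalar( $source['post_id'] ) ) {
			$ids[] = absint( wp_unslash( $source['post_id'] ) );
		}
	}
	if ( empty( $ids ) ) {
		wp_send_json_error( array( 'message' => 'Missing note ID.' ), 400 );
	}

	$user_id = get_current_user_id();
	foreach ( array_unique( $ids ) as $post_id ) {
		$post = $post_id ? get_post( $post_id ) : null;
		if ( ! $post ) {
			wp_send_json_error( array( 'message' => 'Unknown note.' ), 400 );
		}

		$is_owner = ( (int) $post->post_author === $user_id );
		if ( ! $is_owner && ! current_user_can( 'edit_post', $post_id ) ) {
			// Leave a trace for review: a denied cross-user update attempt.
			error_log( sprintf(
				'wpdn_update_note denied: user %d, note %d, author %d',
				$user_id,
				$post_id,
				(int) $post->post_author
			) );
			wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
		}
	}
	// All checks passed: return so the plugin's handler runs as usual.
}
```

Placed as a file under wp-content/mu-plugins/, the guard loads on every request without activation. It also blocks users who are not the author and lack edit rights from updating notes meant to be shared, so remove it once the plugin is at 1.0.11 or later.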

Related Identifiers

CVE-2023-7239

Affected Products

Wp Dashboard Notes