CVE-2023-7198: 
WordPress vulnerability analysis and mitigation

The WP Dashboard Notes WordPress plugin before version 1.0.11 contains a security vulnerability identified as CVE-2023-7198. The vulnerability was discovered and publicly published on December 19, 2023. This vulnerability affects the plugin's note deletion functionality and impacts all versions prior to 1.0.11 (WPScan).

The vulnerability is classified as an Insecure Direct Object References (IDOR) vulnerability in the post_id parameter. The issue allows authenticated users to manipulate the post_id parameter during note deletion requests, enabling them to delete private notes associated with other user accounts. The vulnerability has been assigned a CVSS score of 2.7 (low) and is categorized under OWASP Top 10 as A5: Broken Access Control and CWE-639 (WPScan).

This vulnerability compromises the integrity and privacy of user data by allowing authenticated users to delete private notes belonging to other users. The security issue violates the principle of least privilege, potentially leading to unauthorized deletion of sensitive information (WPScan).

Users should upgrade to WP Dashboard Notes version 1.0.11 or later, which contains the fix for this vulnerability (WPScan).