Frontend User Notes
Approved changes feed: RSS · Atom
cpe:2.3:a:absikandar:frontend_user_notes:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Absikandar (e55eacab-fbfb-5852-a9a0-5ddd92a3d0f8) |
|---|---|
| Product | Frontend User Notes (047771df-a543-59db-8d62-d6a900b66dae) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-12071 |
vulnerable | 2026-06-03 14:58:43.745687 |
Frontend User Notes <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Note Modification
MEDIUM (4.3)
The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funp_ajax_modify_notes' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify arbitrary notes that do not belong to them.
Published: 2026-02-18T04:35:42.817Z
Updated: 2026-04-08T16:44:58.364Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.