cleantalk
Vulnerabilities and Security Researches

Page & Post Notes, CVE-2025-12527

CVE, Research URL

CVE-2025-12527

Home page URL

Security reports for Page & Post Notes

Application

Page & Post Notes

Published on
Nov 07, 2025
Research Description
The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydev_notes_save_dashboard_data' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify notes.
Affected versions
max 1.3.5.
Status
vulnerable
Previous vulnerability researches
SMS for WordPress (CVE-2025-12580) , Nov 10, 2025
New vulnerability
JB News Ticker (CVE-2025-11804) , Nov 11, 2025
My auctions allegro (CVE-2025-10048) , Nov 11, 2025
Sertifier Certificates & Open Badges – Tutor LMS (CVE-2025-53214) , Nov 11, 2025
Toast Mobile Menu – PageSpeed Insights Friendly (CVE-2025-53238) , Nov 11, 2025
Stripe Payment forms for WordPress Plugin – WP Full Pay (CVE-2025-9322) , Nov 11, 2025