4 matches found
CVE-2023-5711
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level acces...
CVE-2023-5711
creationtimestamp | type | source
---|---|---
2023-12-30 10:06:33+00:00 | seen | https://t.me/ctinow/160835...
CVE-2023-5711
CVE-2023-5711 affects the WordPress System Dashboard plugin, where a missing capability check in the sd_php_info() AJAX endpoint allowed authenticated users with subscriber-level access or higher to access sensitive PHP info. Affected versions: all up to 2.8.7. The issue has been tracked across m...
WordPress System Dashboard Plugin <= 2.8.7 is vulnerable to Broken Access Control
- Software: System Dashboard
- Type: Plugin
- Vulnerable versions: <= 2.8.7
- Fixed in: 2.8.8
- OWASP Top 10: A5: Broken Access Control
- Classification: Broken Access Control
- CVE: CVE-2023-5711
- Patch priority: Low
- CVSS severity: Low 4.3
- PSID: 907b6e4e41af
- Credits: Dmitrii Ignatyev
- Required...