Lucene search

4 matches found

RedhatCVE
added 2025/05/23 4:32 a.m., 7 views

CVE-2023-5711

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level acces...

CVSS 4.3, AI score 6.2, EPSS 0.00442
Exploits 0, References 1
Circl
added 2023/12/30 10:6 a.m., 4 views

CVE-2023-5711

creationtimestamp | type | source
---|---|---
2023-12-30 10:06:33+00:00 | seen | https://t.me/ctinow/160835...

CVSS 4.3, AI score 6.2, EPSS 0.00442
Exploits 0, References 1
CVE
added 2023/12/07 2:0 a.m., 63 views

CVE-2023-5711

CVE-2023-5711 affects the WordPress System Dashboard plugin, where a missing capability check in the sd_php_info() AJAX endpoint allowed authenticated users with subscriber-level access or higher to access sensitive PHP info. Affected versions: all up to 2.8.7. The issue has been tracked across m...

CVSS 4.3, AI score 4.5, EPSS 0.00442
Exploits 0, References 4, Affected Software 1
Patchstack
added 2023/12/07 12:0 a.m., 14 views

WordPress System Dashboard Plugin <= 2.8.7 is vulnerable to Broken Access Control

Software | System Dashboard
Type | Plugin
Vulnerable versions | <= 2.8.7
Fixed in | 2.8.8
OWASP Top 10 | A5: Broken Access Control
Classification | Broken Access Control
CVE | CVE-2023-5711
Patch priority | Low
CVSS severity | Low 4.3
Developer | Claim ownership
PSID | 907b6e4e41af
Credits | Dmitrii Ignatyev
Required...

CVSS 4.3, AI score 6.6, EPSS 0.00442
Exploits 0, References 3, Affected Software 1