3 matches found
CVE-2023-5713 System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_option_value)
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sdoptionvalue function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-5713
CVE-2023-5713 concerns the WordPress System Dashboard plugin (versions ≤ 2.8.7). The vulnerability stems from a missing capability check in the sd_option_value() AJAX handler, allowing authenticated users with subscriber-level access and above to obtain potentially sensitive option values and des...
WordPress System Dashboard Plugin <= 2.8.7 is vulnerable to Broken Access Control
Software System Dashboard Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5713 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 50c335b17f86 Credits Dmitrii Ignatyev Required...