121 matches found
WordPress System Dashboard Plugin < 2.8.15 is vulnerable to Path Traversal
Software System Dashboard Type Plugin Vulnerable versions 2.8.15 Fixed in 2.8.15 OWASP Top 10 A4: Insecure Design Classification Path Traversal CVE CVE-2024-10708 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 8350df71b2da Credits Dogus DEMIRKIRAN Required privilege...
WordPress System Dashboard Plugin < 2.8.15 is vulnerable to Cross Site Scripting (XSS)
Software System Dashboard Type Plugin Vulnerable versions 2.8.15 Fixed in 2.8.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11107 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 948953d35f1c Credits Dogus Demirkiran...
CVE-2024-8268
The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajaxrequest function in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with subscriber-level...
WordPress Dark Mode for WP Dashboard plugin <= 1.2.3 - Cross Site Request Forgery vulnerability
Cross Site Request Forgery vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Dark Mode for WP Dashboard versions = 1.2.3...
WordPress Download Plugins and Themes from Dashboard plugin <= 1.8.7 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Krzysztof Zając in WordPress Plugin Download Plugins and Themes from Dashboard versions = 1.8.7...
WordPress Plugin "Download Plugins and Themes from Dashboard" vulnerable to path traversal
Overview WordPress Plugin "Download Plugins and Themes from Dashboard" provided by WPFactory LLC contains a path traversal vulnerability CWE-22. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to WPFactory LLC and coordinated. After the coordination was completed, th...
CVE-2024-4104
CVE-2024-4104 : ADFO – Custom data in admin dashboard (WordPress plugin) is vulnerable to a reflected XSS via the dbp_id parameter in versions ≤ 1.9.0 due to insufficient input sanitization and output escaping. This enables unauthenticated attackers to inject scripts on pages that execute when a ...
CVE-2024-3030
CVE-2024-3030 (Announce from the Dashboard for WordPress): Stored XSS via admin settings in all versions
CVE-2023-7246
The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks...
WordPress Ultimate Dashboard Plugin <= 3.7.11 is vulnerable to Cross Site Scripting (XSS)
Software Ultimate Dashboard Type Plugin Vulnerable versions = 3.7.11 Fixed in 3.7.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50828 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID dd2a662ffdfd Credits emad Required privilege...
GHSA-V672-5X3H-57QP Cross-site request forgery vulnerability in Jenkins Deployment Dashboard Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs...
CVE-2023-50775
A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs...
CVE-2023-50775
CVE-2023-50775 describes a cross-site request forgery (CSRF) in Jenkins Deployment Dashboard Plugin, affecting version 1.0.10 and earlier. The connected Red Hat advisory and other sources confirm the vulnerability allows attackers to copy jobs on the Jenkins controller when the plugin is in use. ...
Jenkins Deployment Dashboard Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
System Dashboard < 2.8.8 - Missing Authorization to Information Disclosure (sd_global_value)
Description The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sdglobalvalue function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with...
CVE-2023-5710
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sdconstants function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...
Information disclosure
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sdglobalvalue function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-5713 System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_option_value)
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sdoptionvalue function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-5712 System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_global_value)
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sdglobalvalue function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...
WordPress plugin System Dashboard security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...