Lucene search
K

121 matches found

Patchstack
Patchstack
added 2024/11/21 12:0 a.m.18 views

WordPress System Dashboard Plugin < 2.8.15 is vulnerable to Path Traversal

Software System Dashboard Type Plugin Vulnerable versions 2.8.15 Fixed in 2.8.15 OWASP Top 10 A4: Insecure Design Classification Path Traversal CVE CVE-2024-10708 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 8350df71b2da Credits Dogus DEMIRKIRAN Required privilege...

6.5AI score0.0203EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2024/11/21 12:0 a.m.17 views

WordPress System Dashboard Plugin < 2.8.15 is vulnerable to Cross Site Scripting (XSS)

Software System Dashboard Type Plugin Vulnerable versions 2.8.15 Fixed in 2.8.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11107 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 948953d35f1c Credits Dogus Demirkiran...

5.9AI score0.00333EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2024/09/10 3:15 a.m.29 views

CVE-2024-8268

The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajaxrequest function in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS0.00706EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/08/16 12:46 p.m.5 views

WordPress Dark Mode for WP Dashboard plugin <= 1.2.3 - Cross Site Request Forgery vulnerability

Cross Site Request Forgery vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Dark Mode for WP Dashboard versions = 1.2.3...

8.8CVSS7AI score0.00196EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/16 1:34 a.m.4 views

WordPress Download Plugins and Themes from Dashboard plugin <= 1.8.7 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Krzysztof Zając in WordPress Plugin Download Plugins and Themes from Dashboard versions = 1.8.7...

4.2CVSS7AI score0.00161EPSS
Exploits0References1Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/05/17 4:33 a.m.4 views

WordPress Plugin "Download Plugins and Themes from Dashboard" vulnerable to path traversal

Overview WordPress Plugin "Download Plugins and Themes from Dashboard" provided by WPFactory LLC contains a path traversal vulnerability CWE-22. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to WPFactory LLC and coordinated. After the coordination was completed, th...

6.5CVSS6.7AI score0.00669EPSS
Exploits0References4
CVE
CVE
added 2024/05/09 8:3 p.m.24 views

CVE-2024-4104

CVE-2024-4104 : ADFO – Custom data in admin dashboard (WordPress plugin) is vulnerable to a reflected XSS via the dbp_id parameter in versions ≤ 1.9.0 due to insufficient input sanitization and output escaping. This enables unauthenticated attackers to inject scripts on pages that execute when a ...

6.1CVSS6.3AI score0.00507EPSS
Exploits0References3
CVE
CVE
added 2024/04/04 1:56 a.m.53 views

CVE-2024-3030

CVE-2024-3030 (Announce from the Dashboard for WordPress): Stored XSS via admin settings in all versions

4.4CVSS7.7AI score0.00365EPSS
Exploits0References2
OSV
OSV
added 2024/03/20 5:15 a.m.3 views

CVE-2023-7246

The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00813EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/12/19 12:0 a.m.15 views

WordPress Ultimate Dashboard Plugin <= 3.7.11 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Dashboard Type Plugin Vulnerable versions = 3.7.11 Fixed in 3.7.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50828 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID dd2a662ffdfd Credits emad Required privilege...

5.9CVSS6.6AI score0.00402EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/12/13 6:31 p.m.15 views

GHSA-V672-5X3H-57QP Cross-site request forgery vulnerability in Jenkins Deployment Dashboard Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs...

4.3CVSS4.9AI score0.00338EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/12/13 5:30 p.m.21 views

CVE-2023-50775

A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs...

5.3AI score0.00338EPSS
Exploits0References2
CVE
CVE
added 2023/12/13 5:30 p.m.44 views

CVE-2023-50775

CVE-2023-50775 describes a cross-site request forgery (CSRF) in Jenkins Deployment Dashboard Plugin, affecting version 1.0.10 and earlier. The connected Red Hat advisory and other sources confirm the vulnerability allows attackers to copy jobs on the Jenkins controller when the plugin is in use. ...

4.3CVSS4.5AI score0.00338EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/12/13 12:0 a.m.6 views

Jenkins Deployment Dashboard Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS6.7AI score0.00338EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.14 views

System Dashboard < 2.8.8 - Missing Authorization to Information Disclosure (sd_global_value)

Description The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sdglobalvalue function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with...

4.3CVSS6.4AI score0.00432EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/12/07 2:15 a.m.7 views

CVE-2023-5710

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sdconstants function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS7.3AI score0.00468EPSS
Exploits0References3
Prion
Prion
added 2023/12/07 2:15 a.m.21 views

Information disclosure

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sdglobalvalue function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...

4CVSS6.6AI score0.00432EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/12/07 2:0 a.m.27 views

CVE-2023-5713 System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_option_value)

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sdoptionvalue function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS4.6AI score0.00469EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/12/07 2:0 a.m.27 views

CVE-2023-5712 System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_global_value)

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sdglobalvalue function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS4.6AI score0.00432EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/07 12:0 a.m.6 views

WordPress plugin System Dashboard security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3CVSS5.8AI score0.00468EPSS
Exploits0References4
Rows per page
Query Builder