EUVD-2026-15606

Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through = 1.2.7...

PT-2026-27876

Name of the Vulnerable Software and Affected Versions WP System Log versions through 1.2.7 Description An authorization issue exists in activity-log.com WP System Log winterlock. This allows exploitation of incorrectly configured access control security levels. Recommendations Update WP System Lo...

CVE-2025-10377

The System Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.20. This is due to missing nonce validation on the sdtogglelogs function. This makes it possible for unauthenticated attackers to toggle critical logging settings...

CVE-2024-12003

The CVE-2024-12003 entry concerns the WP System WordPress plugin (versions up to 1.1.1). The advisory states a Cross-Site Request Forgery (CSRF) vulnerability due to missing or incorrect nonce validation in generate_wp_system_page_content(), enabling unauthenticated attackers to inject malicious ...

WordPress System Dashboard Plugin < 2.8.15 is vulnerable to Cross Site Scripting (XSS)

Software System Dashboard Type Plugin Vulnerable versions 2.8.15 Fixed in 2.8.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11107 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 948953d35f1c Credits Dogus Demirkiran...

WordPress System Dashboard Plugin < 2.8.15 is vulnerable to Path Traversal

Software System Dashboard Type Plugin Vulnerable versions 2.8.15 Fixed in 2.8.15 OWASP Top 10 A4: Insecure Design Classification Path Traversal CVE CVE-2024-10708 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 8350df71b2da Credits Dogus DEMIRKIRAN Required privilege...

WordPress System Dashboard Plugin < 2.8.10 is vulnerable to Cross Site Scripting (XSS)

Software System Dashboard Type Plugin Vulnerable versions 2.8.10 Fixed in 2.8.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7246 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 59b19780b836 Credits Dmitrii Ignatyev Requir...

WordPress plugin System Dashboard security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress System Dashboard Plugin <= 2.8.7 is vulnerable to Broken Access Control

Software System Dashboard Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5712 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 98fba4335721 Credits Dmitrii Ignatyev Required...

PT-2022-7084 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions = 4.1.7.3.2 Description: The issue is related to a Local File Inclusion vulnerability. It concerns the list courses function of the LearnPress plugin in the WordPress content management system. The...

Enable Media Replace WordPress Plugin Multiple Vulnerabilities

Exploit for php platform in category web applications PRODUCT NAME: Enable Media Replace WordPress Plugin PRODUCT URL 1: http://wordpress.org/extend/plugins/enable-media-replace/ PRODUCT URL 2: http://mansjonasson.se/wordpress-plugins/enable-media-replace/ PRODUCT AUTHOR: Mans Jonasson for .SE...