Lucene search
K
BowoSystem Dashboard

9 matches found

CVE
CVE
added 2024/03/20 5:0 a.m.100 views

CVE-2023-7246

CVE-2023-7246 is tied to the WordPress plugin System Dashboard prior to version 2.8.10. The issue arises because the plugin does not sanitize and escape certain parameters, enabling authenticated multisite administrators to perform Cross-Site Scripting through header manipulation, specifically vi...

5.4CVSS5.2AI score0.00813EPSS
CVE
CVE
added 2023/12/07 2:0 a.m.72 views

CVE-2023-5714

CVE-2023-5714 : The WordPress plugin System Dashboard is vulnerable up to version 2.8.7 due to a missing capability check in the Ajax-hooked function sd_db_specs(), allowing authenticated users with subscriber-level access and above to retrieve data key specs. Reports from NVD and Wordfence align...

4.3CVSS4.6AI score0.00441EPSS
CVE
CVE
added 2023/12/07 2:0 a.m.67 views

CVE-2023-5713

CVE-2023-5713 concerns the WordPress System Dashboard plugin (versions ≤ 2.8.7). The vulnerability stems from a missing capability check in the sd_option_value() AJAX handler, allowing authenticated users with subscriber-level access and above to obtain potentially sensitive option values and des...

4.3CVSS4.5AI score0.00469EPSS
CVE
CVE
added 2024/12/10 6:0 a.m.67 views

CVE-2024-10708

CVE-2024-10708 affects the WordPress System Dashboard plugin prior to version 2.8.15. The vulnerability arises from unvalidated input used in a path (via the sd_viewer action’s filename parameter), enabling authenticated administrators to perform path traversal and read arbitrary server files (e....

4.9CVSS6.4AI score0.01974EPSS
CVE
CVE
added 2023/12/07 2:0 a.m.64 views

CVE-2023-5711

CVE-2023-5711 affects the WordPress System Dashboard plugin, where a missing capability check in the sd_php_info() AJAX endpoint allowed authenticated users with subscriber-level access or higher to access sensitive PHP info. Affected versions: all up to 2.8.7. The issue has been tracked across m...

4.3CVSS4.5AI score0.00442EPSS
CVE
CVE
added 2023/12/07 2:0 a.m.64 views

CVE-2023-5712

CVE-2023-5712 affects WordPress System Dashboard plugin. The vulnerability is an unauthorized data-access flaw caused by a missing capability check on the sd_global_value() function exposed via AJAX. It allows authenticated users with subscriber-level access and above to retrieve sensitive global...

4.3CVSS4.5AI score0.00432EPSS
CVE
CVE
added 2024/12/10 6:0 a.m.64 views

CVE-2024-11107

CVE-2024-11107 refers to the WordPress System Dashboard plugin vulnerability where versions before 2.8.15 allow unauthenticated stored XSS due to insufficient sanitization/escaping of output parameters. Affected software: System Dashboard plugin prior to 2.8.15. Impact: unauthenticated users can ...

6.1CVSS5.9AI score0.00326EPSS
CVE
CVE
added 2023/12/07 2:0 a.m.61 views

CVE-2023-5710

CVE-2023-5710 affects the WordPress System Dashboard plugin up to version 2.8.7, where a missing capability check in the sd_constants() function exposed data via an AJAX action. This allows authenticated users with subscriber-level access or higher to retrieve sensitive information, including dat...

4.3CVSS4.4AI score0.00468EPSS
CVE
CVE
added 2025/01/30 1:42 p.m.50 views

CVE-2024-12299

CVE-2024-12299 (WordPress System Dashboard plugin) : Affected plugin versions

6.1CVSS7.4AI score0.00385EPSS