9 matches found
CVE-2023-7246
CVE-2023-7246 is tied to the WordPress plugin System Dashboard prior to version 2.8.10. The issue arises because the plugin does not sanitize and escape certain parameters, enabling authenticated multisite administrators to perform Cross-Site Scripting through header manipulation, specifically vi...
CVE-2023-5714
CVE-2023-5714: The WordPress plugin System Dashboard is vulnerable up to version 2.8.7 due to a missing capability check in the Ajax-hooked function sd_db_specs(), allowing authenticated users with subscriber-level access and above to retrieve data key specs. Reports from NVD and Wordfence align...
CVE-2023-5713
CVE-2023-5713 concerns the WordPress System Dashboard plugin (versions ≤ 2.8.7). The vulnerability stems from a missing capability check in the sd_option_value() AJAX handler, allowing authenticated users with subscriber-level access and above to obtain potentially sensitive option values and des...
CVE-2024-10708
CVE-2024-10708 affects the WordPress System Dashboard plugin prior to version 2.8.15. The vulnerability arises from unvalidated input used in a path (via the sd_viewer action’s filename parameter), enabling authenticated administrators to perform path traversal and read arbitrary server files (e....
CVE-2023-5711
CVE-2023-5711 affects the WordPress System Dashboard plugin, where a missing capability check in the sd_php_info() AJAX endpoint allowed authenticated users with subscriber-level access or higher to access sensitive PHP info. Affected versions: all up to 2.8.7. The issue has been tracked across m...
CVE-2023-5712
CVE-2023-5712 affects the WordPress System Dashboard plugin. The vulnerability is an unauthorized data-access flaw caused by a missing capability check on the sd_global_value() function exposed via AJAX. It allows authenticated users with subscriber-level access and above to retrieve sensitive global...
CVE-2024-11107
CVE-2024-11107 refers to the WordPress System Dashboard plugin vulnerability where versions before 2.8.15 allow unauthenticated stored XSS due to insufficient sanitization/escaping of output parameters. Affected software: System Dashboard plugin prior to 2.8.15. Impact: unauthenticated users can ...
CVE-2023-5710
CVE-2023-5710 affects the WordPress System Dashboard plugin up to version 2.8.7, where a missing capability check in the sd_constants() function exposed data via an AJAX action. This allows authenticated users with subscriber-level access or higher to retrieve sensitive information, including dat...
CVE-2024-12299
CVE-2024-12299 (WordPress System Dashboard plugin): Affected plugin versions