System Dashboard Security Vulnerabilities and Issues — System Dashboard CVE List

Lucene search

BowoSystem Dashboard

10 matches found

CVE•added 2024/03/20 5:15 a.m.•66 views

CVE-2023-7246

The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks

5.4CVSS5.2AI score0.01268EPSS

CVE•added 2023/12/07 2:15 a.m.•57 views

CVE-2023-5714

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level acc...

4.3CVSS4.6AI score0.00197EPSS

CVE•added 2025/02/25 3:15 p.m.•55 views

CVE-2025-26911

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects System Dashboard: from n/a through 2.8.18.

4.3CVSS6.9AI score0.00051EPSS

CVE•added 2023/12/07 2:15 a.m.•53 views

CVE-2023-5713

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS4.5AI score0.00207EPSS

CVE•added 2023/12/07 2:15 a.m.•52 views

CVE-2023-5711

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level acc...

4.3CVSS4.5AI score0.00197EPSS

CVE•added 2024/12/10 6:15 a.m.•51 views

CVE-2024-10708

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server

4.9CVSS6.4AI score0.00285EPSS

CVE•added 2023/12/07 2:15 a.m.•50 views

CVE-2023-5710

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level ac...

4.3CVSS4.4AI score0.00197EPSS

CVE•added 2023/12/07 2:15 a.m.•49 views

CVE-2023-5712

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS4.5AI score0.00197EPSS

CVE•added 2024/12/10 6:15 a.m.•45 views

CVE-2024-11107

The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.

6.1CVSS5.9AI score0.00086EPSS

CVE•added 2025/01/30 2:15 p.m.•38 views

CVE-2024-12299

The System Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Filename parameter in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web ...

6.1CVSS6AI score0.00127EPSS