3 matches found
CVE-2023-7246
CVE-2023-7246 is tied to the WordPress plugin System Dashboard prior to version 2.8.10. The issue arises because the plugin does not sanitize and escape certain parameters, enabling authenticated multisite administrators to perform Cross-Site Scripting through header manipulation, specifically vi...
CVE-2024-10708
CVE-2024-10708 affects the WordPress System Dashboard plugin prior to version 2.8.15. The vulnerability arises from unvalidated input used in a path (via the sd_viewer action’s filename parameter), enabling authenticated administrators to perform path traversal and read arbitrary server files (e....
CVE-2024-11107
CVE-2024-11107 refers to the WordPress System Dashboard plugin vulnerability where versions before 2.8.15 allow unauthenticated stored XSS due to insufficient sanitization/escaping of output parameters. Affected software: System Dashboard plugin prior to 2.8.15. Impact: unauthenticated users can ...