System Dashboard Security Vulnerabilities and Issues — System Dashboard CVE List

Lucene search

BowoSystem Dashboard

7 matches found

CVE•added 2023/12/07 2:15 a.m.•57 views

CVE-2023-5714

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level acc...

4.3CVSS4.6AI score0.00197EPSS

CVE•added 2025/02/25 3:15 p.m.•55 views

CVE-2025-26911

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects System Dashboard: from n/a through 2.8.18.

4.3CVSS6.9AI score0.00051EPSS

CVE•added 2023/12/07 2:15 a.m.•53 views

CVE-2023-5713

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS4.5AI score0.00207EPSS

CVE•added 2023/12/07 2:15 a.m.•52 views

CVE-2023-5711

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level acc...

4.3CVSS4.5AI score0.00197EPSS

CVE•added 2024/12/10 6:15 a.m.•51 views

CVE-2024-10708

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server

4.9CVSS6.4AI score0.00285EPSS

CVE•added 2023/12/07 2:15 a.m.•50 views

CVE-2023-5710

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level ac...

4.3CVSS4.4AI score0.00197EPSS

CVE•added 2023/12/07 2:15 a.m.•49 views

CVE-2023-5712

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS4.5AI score0.00197EPSS