Skip to main content

System Dashboard

7 CVEs product

Monthly

CVE-2024-11107 MEDIUM POC This Month

The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS System Dashboard
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-10708 MEDIUM POC This Month

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress System Dashboard
NVD WPScan
CVSS 3.1
4.9
EPSS
2.0%
CVE-2023-5714 MEDIUM PATCH This Month

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress System Dashboard
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-5713 MEDIUM PATCH This Month

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass System Dashboard
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-5712 MEDIUM PATCH This Month

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress System Dashboard
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-5711 MEDIUM PATCH This Month

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass PHP System Dashboard
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-5710 MEDIUM PATCH This Month

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass System Dashboard
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
EPSS 0% CVSS 6.1
MEDIUM POC This Month

The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS System Dashboard
NVD WPScan
EPSS 2% CVSS 4.9
MEDIUM POC This Month

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress System Dashboard
NVD WPScan
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress System Dashboard
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass System Dashboard
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress System Dashboard
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass PHP +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass System Dashboard
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy