Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-5714 | 1 Bowo | 1 System Dashboard | 2024-11-21 | N/A | 4.3 MEDIUM |
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve data key specs. | |||||
CVE-2023-5713 | 1 Bowo | 1 System Dashboard | 2024-11-21 | N/A | 4.3 MEDIUM |
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve potentially sensitive option values, and deserialize the content of those values. | |||||
CVE-2023-5712 | 1 Bowo | 1 System Dashboard | 2024-11-21 | N/A | 4.3 MEDIUM |
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive global value information. | |||||
CVE-2023-5711 | 1 Bowo | 1 System Dashboard | 2024-11-21 | N/A | 4.3 MEDIUM |
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information provided by PHP info. | |||||
CVE-2023-5710 | 1 Bowo | 1 System Dashboard | 2024-11-21 | N/A | 4.3 MEDIUM |
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information such as database credentials. |