Vulnerabilities (CVE)

Filtered by vendor Bowo Subscribe
Filtered by product System Dashboard
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-5714 1 Bowo 1 System Dashboard 2024-11-21 N/A 4.3 MEDIUM
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve data key specs.
CVE-2023-5713 1 Bowo 1 System Dashboard 2024-11-21 N/A 4.3 MEDIUM
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve potentially sensitive option values, and deserialize the content of those values.
CVE-2023-5712 1 Bowo 1 System Dashboard 2024-11-21 N/A 4.3 MEDIUM
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive global value information.
CVE-2023-5711 1 Bowo 1 System Dashboard 2024-11-21 N/A 4.3 MEDIUM
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information provided by PHP info.
CVE-2023-5710 1 Bowo 1 System Dashboard 2024-11-21 N/A 4.3 MEDIUM
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information such as database credentials.