Filtered by vendor Bowo Subscriptions
Filtered by product System Dashboard Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-5714 1 Bowo 1 System Dashboard 2024-11-21 4.3 Medium
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve data key specs.
CVE-2023-5713 1 Bowo 1 System Dashboard 2024-11-21 4.3 Medium
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve potentially sensitive option values, and deserialize the content of those values.
CVE-2023-5712 1 Bowo 1 System Dashboard 2024-11-21 4.3 Medium
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive global value information.
CVE-2023-5711 1 Bowo 1 System Dashboard 2024-11-21 4.3 Medium
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information provided by PHP info.
CVE-2023-5710 1 Bowo 1 System Dashboard 2024-11-21 4.3 Medium
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information such as database credentials.