Filtered by vendor Bowo
Subscriptions
Filtered by product System Dashboard
Subscriptions
Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-5714 | 1 Bowo | 1 System Dashboard | 2024-11-21 | 4.3 Medium |
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve data key specs. | ||||
CVE-2023-5713 | 1 Bowo | 1 System Dashboard | 2024-11-21 | 4.3 Medium |
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve potentially sensitive option values, and deserialize the content of those values. | ||||
CVE-2023-5712 | 1 Bowo | 1 System Dashboard | 2024-11-21 | 4.3 Medium |
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive global value information. | ||||
CVE-2023-5711 | 1 Bowo | 1 System Dashboard | 2024-11-21 | 4.3 Medium |
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information provided by PHP info. | ||||
CVE-2023-5710 | 1 Bowo | 1 System Dashboard | 2024-11-21 | 4.3 Medium |
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information such as database credentials. |
Page 1 of 1.