Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard system-dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects System Dashboard: from n/a through <= 2.8.18.
Published: 2025-02-25
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in the Bowo System Dashboard WordPress plugin allows an attacker to exploit incorrectly configured access control and obtain sensitive system information. It is classified as a Sensitive Data Exposure flaw, corresponding to CWE-497, and could lead to disclosure of confidential environment details to an unauthorized control sphere.

Affected Systems

All installations of Bowo System Dashboard plugin up to and including version 2.8.18 are affected. The issue applies from the earliest available version through 2.8.18, with no later releases listed as vulnerable.

Risk and Exploitability

The CVSS base score of 4.3 indicates moderate severity, while the EPSS score of less than 1% suggests a very low probability of exploitation at present. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires an entity to gain access to the WordPress control panel and leverage incorrectly set permissions to read system information from the plugin’s interface. No public demonstration of a working exploit exists, but the potential for data leakage exists if improper ACLs remain in place.

Generated by OpenCVE AI on May 1, 2026 at 15:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Bowo System Dashboard plugin version or upgrade to a patch that fixes the access control flaw
  • Configure WordPress user roles to remove or severely restrict the rights of non‑administrator accounts that can view plugin settings
  • Audit the site’s directory permissions and verify that only trusted users have permission to access the plugin’s configuration pages



Advisories
Source: EUVD
ID: EUVD-2025-5391
Title: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects System Dashboard: from n/a through 2.8.18.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects System Dashboard: from n/a through 2.8.18.
Values Added: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard system-dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects System Dashboard: from n/a through <= 2.8.18.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Tue, 25 Feb 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 25 Feb 2025 14:30:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects System Dashboard: from n/a through 2.8.18.
Title WordPress System Dashboard plugin <= 2.8.18 - Sensitive Data Exposure vulnerability
Weaknesses CWE-497
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Subscriptions

Bowo System Dashboard
Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:43.815Z

Reserved: 2025-02-17T11:50:52.141Z

Link: CVE-2025-26911

Vulnrichment

Updated: 2025-02-25T19:02:11.066Z

NVD

Status: Deferred

Published: 2025-02-25T15:15:26.393

Modified: 2026-04-23T15:26:02.807

Link: CVE-2025-26911

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T15:30:20Z

Weaknesses