CVE-2023-5713
Published 2023-12-07
CVE-2023-5713: The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function…
Priority: P421, medium, 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.47% (37.1th percentile)
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve potentially sensitive option values, and deserialize the content of those values.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bowo | system_dashboard | <= 2.8.7 | — |
| qriouslad | system_dashboard | <= 2.8.7 | — |
VulDB
System Dashboard Plugin up to 2.8.7 on WordPress sd_option_value authorization
vuldb·2026-04-11·CVSS 4.3
CVE-2023-5713 [MEDIUM] System Dashboard Plugin up to 2.8.7 on WordPress sd_option_value authorization
A vulnerability, which was classified as problematic, has been found in System Dashboard Plugin up to 2.8.7 on WordPress. Impacted is the function sd_option_value. This manipulation causes missing authorization.
This vulnerability is tracked as CVE-2023-5713. The attack can be carried out remotely. No exploit exists.
GHSA
GHSA-mgjw-x57p-2wmf: The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() func
ghsa_unreviewed·2023-12-07
CVE-2023-5713 [MEDIUM] CWE-862 GHSA-mgjw-x57p-2wmf: The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() func
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve potentially sensitive option values, and deserialize the content of those values.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.7/admin/class-system-dashboard-admin.php#L6341
https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.8/admin/class-system-dashboard-admin.php#L6357
https://research.cleantalk.org/cve-2023-5713/
https://www.wordfence.com/threat-intel/vulnerabilities/id/e9d1a33b-2518-48f7-90b6-a94a34473d1e?source=cve
Published: 2023-12-07