Unknown System Dashboard vulnerabilities
3 known vulnerabilities affecting unknown/system_dashboard.
Total CVEs
3
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2024-10708MEDIUMCVSS 4.9PoCfixed in 2.8.152024-12-10
CVE-2024-10708 [MEDIUM] CWE-22 CVE-2024-10708: The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, whi
The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server
cvelistv5nvd
CVE-2024-11107MEDIUMCVSS 6.1fixed in 2.8.152024-12-10
CVE-2024-11107 [MEDIUM] CWE-79 CVE-2024-11107: The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters whe
The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
cvelistv5nvd
CVE-2023-7246MEDIUMCVSS 5.4PoCfixed in 2.8.102024-03-20
CVE-2023-7246 [MEDIUM] CWE-79 CVE-2023-7246: The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, wh
The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks
cvelistv5nvd