Bowo

System Dashboard

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2025-26911

  • EPSS 0.12%
  • Veröffentlicht 25.02.2025 15:15:26
  • Zuletzt bearbeitet 25.02.2025 15:15:26

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects System Dashboard: from n/a through 2.8.18.

6.1

CVE-2024-12299

  • EPSS 0.52%
  • Veröffentlicht 30.01.2025 14:15:32
  • Zuletzt bearbeitet 31.01.2025 18:22:07

The System Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Filename parameter in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for u...

4.9

CVE-2024-10708

Exploit
  • EPSS 4.83%
  • Veröffentlicht 10.12.2024 06:15:20
  • Zuletzt bearbeitet 17.05.2025 02:00:25

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server

6.1

CVE-2024-11107

Exploit
  • EPSS 1.24%
  • Veröffentlicht 10.12.2024 06:15:20
  • Zuletzt bearbeitet 17.05.2025 02:02:04

The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.

5.4

CVE-2023-7246

Exploit
  • EPSS 1.8%
  • Veröffentlicht 20.03.2024 05:15:45
  • Zuletzt bearbeitet 05.05.2025 18:50:03

The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks

4.3

CVE-2023-5713

  • EPSS 0.28%
  • Veröffentlicht 07.12.2023 02:15:07
  • Zuletzt bearbeitet 21.11.2024 08:42:20

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible f...

4.3

CVE-2023-5714

  • EPSS 0.2%
  • Veröffentlicht 07.12.2023 02:15:07
  • Zuletzt bearbeitet 21.11.2024 08:42:20

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for a...

4.3

CVE-2023-5710

  • EPSS 0.2%
  • Veröffentlicht 07.12.2023 02:15:06
  • Zuletzt bearbeitet 21.11.2024 08:42:19

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for ...

4.3

CVE-2023-5711

  • EPSS 0.2%
  • Veröffentlicht 07.12.2023 02:15:06
  • Zuletzt bearbeitet 21.11.2024 08:42:20

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for a...

4.3

CVE-2023-5712

  • EPSS 0.2%
  • Veröffentlicht 07.12.2023 02:15:06
  • Zuletzt bearbeitet 21.11.2024 08:42:20

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible f...