Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10
Critical: 0
High: 0
Medium: 10
Showing 1-10 of 10 records
Threat Entry Updated 2025-09-26

CVE-2025-10377 - System Dashboard Plugin

The System Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.20. This is due to missing nonce validation on the sd_toggle_logs() function. This makes it possible for unauthenticated attackers to toggle critical logging settings, including Page Access Logs, Error Logs, and Email Delivery Logs, via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN System Dashboard

CVE-2025-10377

MEDIUM CVSS 4.3 2025-09-26
Threat Entry Updated 2025-01-31

CVE-2024-12299 - System Dashboard Plugin

The System Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Filename parameter in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link.

PLUGIN System Dashboard

CVE-2024-12299

MEDIUM CVSS 6.1 2025-01-30
Threat Entry Updated 2025-05-17

CVE-2024-11107 - System Dashboard Plugin

The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.

PLUGIN System Dashboard

CVE-2024-11107

MEDIUM CVSS 6.1 2024-12-10
Threat Entry Updated 2025-05-17

CVE-2024-10708 - System Dashboard Plugin

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks and read arbitrary files on the server.

PLUGIN System Dashboard

CVE-2024-10708

MEDIUM CVSS 4.9 2024-12-10
Threat Entry Updated 2025-05-05

CVE-2023-7246 - System Dashboard Plugin

The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks.

PLUGIN System Dashboard

CVE-2023-7246

MEDIUM CVSS 5.4 2024-03-20
Threat Entry Updated 2024-11-21

CVE-2023-5714 - System Dashboard Plugin

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve data key specs.

PLUGIN System Dashboard

CVE-2023-5714

MEDIUM CVSS 4.3 2023-12-07
Threat Entry Updated 2024-11-21

CVE-2023-5713 - System Dashboard Plugin

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve potentially sensitive option values, and deserialize the content of those values.

PLUGIN System Dashboard

CVE-2023-5713

MEDIUM CVSS 4.3 2023-12-07
Threat Entry Updated 2024-11-21

CVE-2023-5712 - System Dashboard Plugin

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive global value information.

PLUGIN System Dashboard

CVE-2023-5712

MEDIUM CVSS 4.3 2023-12-07
Threat Entry Updated 2024-11-21

CVE-2023-5711 - System Dashboard Plugin

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information provided by PHP info.

PLUGIN System Dashboard

CVE-2023-5711

MEDIUM CVSS 4.3 2023-12-07
Threat Entry Updated 2024-11-21

CVE-2023-5710 - System Dashboard Plugin

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information such as database credentials.

PLUGIN System Dashboard

CVE-2023-5710

MEDIUM CVSS 4.3 2023-12-07