CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5710 – System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_constants)
https://notcve.org/view.php?id=CVE-2023-5710
06 Dec 2023 — The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information such as database credentials. El complemento System Dashboard para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificación d... • https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.7/admin/class-system-dashboard-admin.php#L7930 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5711 – System Dashboard <= 2.8.8 - Missing Authorization to Information Disclosure (sd_php_info)
https://notcve.org/view.php?id=CVE-2023-5711
06 Dec 2023 — The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information provided by PHP info. El complemento System Dashboard para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificación de capacid... • https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.7/admin/class-system-dashboard-admin.php#L1925 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5712 – System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_global_value)
https://notcve.org/view.php?id=CVE-2023-5712
06 Dec 2023 — The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive global value information. El complemento System Dashboard para WordPress es vulnerable al acceso no autorizado a los datos debido a una verificación de capacidad faltante e... • https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.7/admin/class-system-dashboard-admin.php#L7382 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5713 – System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_option_value)
https://notcve.org/view.php?id=CVE-2023-5713
06 Dec 2023 — The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve potentially sensitive option values, and deserialize the content of those values. El complemento System Dashboard para WordPress es vulnerable al acceso no autorizado a los datos deb... • https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.7/admin/class-system-dashboard-admin.php#L6341 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5714 – System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_db_specs)
https://notcve.org/view.php?id=CVE-2023-5714
06 Dec 2023 — The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve data key specs. El complemento System Dashboard para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificación de capacidad en la función sd_db_specs... • https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.7/admin/class-system-dashboard-admin.php#L2942 • CWE-862: Missing Authorization •