
CVSS: 9.8 • EPSS: % • CPEs: 1 • EXPL: 0

14 Apr 2025 — The Material Dashboard plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.6. This is due to the plugin not utilizing sufficiently random values in the publicAjaxHandler() function. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator. • CWE-269: Improper Privilege Management •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ho3einie Material Dashboard allows PHP Local File Inclusion. This issue affects Material Dashboard: from n/a through 1.4.5. The Material Dashboard plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to include and execute arbitrary files on the server... • https://patchstack.com/database/wordpress/plugin/material-dashboard/vulnerability/wordpress-material-dashboard-1-4-5-local-file-inclusion-vulnerability-2?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ho3einie Material Dashboard allows PHP Local File Inclusion. This issue affects Material Dashboard: from n/a through 1.4.5. The Material Dashboard plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP cod... • https://patchstack.com/database/wordpress/plugin/material-dashboard/vulnerability/wordpress-material-dashboard-1-4-5-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Mar 2025 — Authentication Bypass Using an Alternate Path or Channel vulnerability in ho3einie Material Dashboard allows Authentication Bypass. This issue affects Material Dashboard: from n/a through 1.4.5. The Material Dashboard plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator. • https://patchstack.com/database/wordpress/plugin/material-dashboard/vulnerability/wordpress-material-dashboard-1-4-5-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management • CWE-288: Authentication Bypass Using an Alternate Path or Channel •