CVE-2025-26911 – WordPress System Dashboard plugin <= 2.8.18 - Sensitive Data Exposure vulnerability

https://notcve.org/view.php?id=CVE-2025-26911

23 Feb 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects System Dashboard: from n/a through 2.8.18. The System Dashboard plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.18. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or config... • https://patchstack.com/database/wordpress/plugin/system-dashboard/vulnerability/wordpress-system-dashboard-plugin-2-8-18-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •