Cross-Site Scripting Vulnerability in System Dashboard WordPress Plugin
CVE-2023-7246
Key Information:
- Vendor
- Wordpress
- Status
- Vendor
- CVE Published:
- 20 March 2024
Badges
Summary
The System Dashboard plugin for WordPress, prior to version 2.8.10, contains a vulnerability due to inadequate sanitization and escaping of certain parameters. This weakness primarily affects installations configured in a multisite environment, where it may allow malicious administrators to initiate Cross-Site Scripting (XSS) attacks. The exploitation of this vulnerability can potentially lead to unauthorized actions being executed within the administrative area, affecting the integrity and security of the WordPress installation.
Affected Version(s)
System Dashboard 0 < 2.8.10
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved