Sensitive Data Exposure in Bowo System Dashboard on WordPress
CVE-2025-26911

4.3MEDIUM

Key Information:

Vendor: Bowo
Status: System Dashboard
Vendor: CVE Published:; 25 February 2025

Summary

A vulnerability exists in the Bowo System Dashboard, allowing unauthorized access to sensitive system information due to incorrectly configured access control security levels. This issue impacts versions from n/a up to 2.8.18, potentially enabling malicious actors to exploit exposed data. Users are advised to review their access control configurations and update to the latest version to mitigate risks.

Affected Version(s)

System Dashboard <= 2.8.18

References

https://patchstack.com/database/wordpress/plugin/system-d...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 25, 2025
Vulnerability Reserved
Feb 17, 2025

Credit

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)