During testing of the plugin, a vulnerability was discovered that allows a user with only “Subscriber” (low) privileges to reach AJAX requests that output phpinfo() and all the other information the plugin can report about the web application.

Main info:

CVE: CVE-2023-5711
Plugin: System Dashboard <= 2.8.7
Severity: Medium
All Time: 20 534
Active installations: 1 000+
Publicly Published: January 1, 2024
Last Updated: January 1, 2024
Researcher: Dmitrii Ignatyev
OWASP TOP-10: A3: Sensitive Data Exposure
PoC: Yes
Exploit: No
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5711
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/system-dashboard/system-dashboard-288-missing-authorization-to-information-disclosure-sd-php-info
Plugin Security Certification by CleanTalk

Timeline

November 10, 2023: Plugin testing and vulnerability detection in the System Dashboard plugin have been completed
November 10, 2023: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
November 15, 2023: The author fixed the vulnerability and released the plugin update
January 1, 2024: Registered CVE-2023-5711

Discovery of the Vulnerability

During the examination of the System Dashboard plugin for WordPress, a security vulnerability was identified that allows unauthorized access to sensitive data. This flaw stems from a lack of capability check on the sd_php_info() function, which is hooked via an AJAX action in all versions of the plugin up to, and including, 2.8.7. As a result, authenticated attackers with subscriber-level access and above can exploit this vulnerability to retrieve sensitive information provided by PHP info.

Understanding Broken Logic Control Attacks

Broken logic control vulnerabilities occur when the logic or conditions used to enforce security checks or access controls within an application are flawed or improperly implemented. In WordPress, such vulnerabilities can lead to unintended consequences, such as unauthorized access to sensitive data or functionality. Real examples of broken logic control vulnerabilities in WordPress include bypassing authentication mechanisms, accessing restricted resources, or executing privileged actions without proper authorization. In the case of the System Dashboard plugin, any handler registered with the wp_ajax_ hook is reachable by every logged-in user, so the absence of a capability check inside the handler allows low-privileged users to circumvent access controls and retrieve PHP info data.
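The root cause is the shape of the AJAX handler rather than the AJAX mechanism itself. The following PHP is an added illustration, not the System Dashboard plugin's own code: the function and action names (example_php_info_unchecked, example_php_info_secure, the nonce action example_php_info_nonce) are hypothetical, but the WordPress API calls (add_action, current_user_can, check_ajax_referer, wp_send_json_error, wp_send_json_success) are real. It shows the vulnerable pattern the advisory describes beside a hardened version.

```php
<?php
// Added example; not from the advisory or the plugin.
// Names below are hypothetical; the pattern is what the advisory describes.

// --- Vulnerable pattern -----------------------------------------------------
// wp_ajax_{action} fires for EVERY authenticated user, subscribers included.
// With no capability check inside the handler, anyone logged in gets phpinfo().
add_action( 'wp_ajax_example_php_info', 'example_php_info_unchecked' );
function example_php_info_unchecked() {
    phpinfo();
    wp_die();
}

// --- Hardened pattern --------------------------------------------------------
// Deliberately NOT registered under wp_ajax_nopriv_, so unauthenticated
// visitors never reach it at all.
add_action( 'wp_ajax_example_php_info_secure', 'example_php_info_secure' );
function example_php_info_secure() {
    // 1. Authorization: only users allowed to manage the site may read
    //    server configuration. This is the check that was missing.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 2. CSRF protection: the request must carry a nonce issued for this action
    //    (check_ajax_referer() ends the request with -1 if it is missing or stale).
    check_ajax_referer( 'example_php_info_nonce', 'nonce' );

    // 3. Return the data as JSON instead of dumping raw HTML into the response.
    ob_start();
    phpinfo();
    $output = ob_get_clean();
    wp_send_json_success( array( 'html' => $output ) );
}

// The admin page that renders the dashboard hands the nonce to the browser,
// typically alongside the admin-ajax.php URL:
//
// wp_localize_script( 'example-dashboard', 'exampleAjax', array(
//     'url'   => admin_url( 'admin-ajax.php' ),
//     'nonce' => wp_create_nonce( 'example_php_info_nonce' ),
// ) );
```

The capability check and the nonce check protect against different things: current_user_can() decides who is allowed to see the data, while check_ajax_referer() ensures the logged-in user actually intended the request rather than being driven by a cross-site page. Both belong inside the handler, because the wp_ajax_ hook itself grants no authorization.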

Exploiting the Broken Logic Control Vulnerability

To exploit the broken logic control vulnerability in the System Dashboard plugin, an authenticated attacker with subscriber-level access or higher can trigger the sd_php_info() function through an AJAX request. Since the plugin fails to enforce proper capability checks, the attacker can retrieve PHP info data without the necessary permissions.

By exploiting this vulnerability, the attacker can gain insight into sensitive server information, potentially identifying weaknesses or misconfigurations that could be exploited further.

POC request:

https://your_site/wordpress/wp-admin/admin-ajax.php?action=sd_php_info&fast_ajax=true&load_plugins[]=system-dashboard

___

Recommendations for Improved Security

  • Update the System Dashboard plugin to the latest patched version provided by the plugin developer.
  • Implement proper access controls and capability checks to restrict access to sensitive functionality or data.
  • Regularly audit and monitor plugin code for vulnerabilities, and promptly apply security patches or fixes as they become available.
  • Educate users, especially administrators and developers, about the importance of securing sensitive information and practicing safe coding practices.
  • Consider utilizing security plugins or web application firewalls (WAFs) that can detect and block unauthorized access attempts or suspicious activity.
  • Stay informed about security best practices and emerging threats by subscribing to security mailing lists, following security blogs, and participating in relevant communities or forums.
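Site owners who ran an affected version may want to know whether the endpoint was queried before they patched. The script below is an added example, not part of the advisory or the plugin: it scans web-server access-log lines in Common Log Format for requests to admin-ajax.php whose action is sd_php_info (the action named in the PoC request above). The log lines are constructed for the demonstration, and the function and constant names are hypothetical.

```php
<?php
// Added example; not from the advisory or the plugin.
// Scans Common Log Format access-log lines for the affected AJAX action.
// The sample log lines are constructed for this demonstration.

const SAMPLE_ACCESS_LOG = <<<'LOG'
203.0.113.7 - - [10/Nov/2023:12:01:03 +0000] "GET /wordpress/wp-admin/admin-ajax.php?action=sd_php_info&fast_ajax=true&load_plugins[]=system-dashboard HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Nov/2023:12:01:10 +0000] "GET /wordpress/wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Nov/2023:12:02:44 +0000] "POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1" 200 48211 "-" "curl/8.4.0"
LOG;

// AJAX actions to flag; only sd_php_info is named in the advisory.
const WATCHED_ACTIONS = array( 'sd_php_info' );

/**
 * Return one finding per log line that targets a watched AJAX action.
 * For POST requests the action travels in the body, which access logs do not
 * record, so those are reported as needing body inspection rather than ignored.
 */
function find_watched_ajax_requests( string $log ): array {
    // client  ident  user  [timestamp]  "METHOD target PROTO"  status
    $clf = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})/';
    $findings = array();

    foreach ( preg_split( '/\R/', trim( $log ) ) as $line ) {
        if ( ! preg_match( $clf, $line, $m ) ) {
            continue; // not a CLF line
        }
        list( , $client, $time, $method, $target, $status ) = $m;

        $url = parse_url( $target );
        if ( empty( $url['path'] ) || ! preg_match( '~/wp-admin/admin-ajax\.php$~', $url['path'] ) ) {
            continue; // not an admin-ajax.php request
        }

        $query = array();
        if ( isset( $url['query'] ) ) {
            parse_str( $url['query'], $query ); // handles load_plugins[]=... as well
        }
        $action = isset( $query['action'] ) ? (string) $query['action'] : null;

        if ( $action !== null && in_array( $action, WATCHED_ACTIONS, true ) ) {
            $findings[] = array(
                'client' => $client,
                'time'   => $time,
                'method' => $method,
                'action' => $action,
                'status' => (int) $status,
                'note'   => $status === '200'
                    ? 'endpoint answered; treat as a disclosure'
                    : 'request blocked or failed',
            );
        } elseif ( $method === 'POST' && $action === null ) {
            $findings[] = array(
                'client' => $client,
                'time'   => $time,
                'method' => $method,
                'action' => null,
                'status' => (int) $status,
                'note'   => 'POST body not logged; check WAF or application logs for the action',
            );
        }
    }
    return $findings;
}

foreach ( find_watched_ajax_requests( SAMPLE_ACCESS_LOG ) as $f ) {
    printf(
        "%s %s %s action=%s status=%d: %s\n",
        $f['time'], $f['client'], $f['method'], $f['action'] ?? '-', $f['status'], $f['note']
    );
}
```

On the constructed input the first line is flagged as a disclosure, the heartbeat request is ignored, and the POST is surfaced as unclassifiable because the access log does not carry its body. A WAF rule or application-level logging that records the action parameter for POST requests closes that gap; a status code other than 200 on a flagged line usually means the request was already being rejected after the update.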

By addressing these recommendations, the System Dashboard plugin can significantly bolster its security posture, preventing unauthorized access to sensitive data and enhancing the overall protection of WordPress installations.

#WordPressSecurity #BrokenLogicControl #WebsiteSafety #StayProtected #MediumVulnerability


DMITRII I.

CVE-2023-5711 – System Dashboard – Broken Logical Control to PHP info disclosure – POC