cleantalk
Vulnerabilities and Security Researches

System Dashboard, CVE-2024-12299

CVE, Research URL

CVE-2024-12299

Home page URL

Security reports for System Dashboard

Application

System Dashboard

Published on
Jan 30, 2025
Research Description
The System Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Filename parameter in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link.
Affected versions
Min -, max 2.8.18.
Status
vulnerable
Previous vulnerability researches
External image replace (CVE-2025-30535) , Mar 26, 2025
External image replace (CVE-2025-4279) , May 06, 2025
New vulnerability
Greenshift – animation and page builder blocks (CVE-2022-4974) , May 07, 2025
Majestic Support – Help Desk & Support Plugin (CVE-2024-13600) , May 07, 2025
Notibar – Notification Bar for WordPress (CVE-2024-11012) , May 07, 2025
Cision Block (CVE-2025-3782) , May 07, 2025
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2022-4974) , May 07, 2025