cleantalk
Vulnerabilities and Security Researches

System Dashboard, CVE-2024-12299

CVE, Research URL

CVE-2024-12299

Home page URL

Security reports for System Dashboard

Application

System Dashboard

Published on
Jan 30, 2025
Research Description
The System Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Filename parameter in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link.
Affected versions
Min -, max 2.8.18.
Status
vulnerable
Previous vulnerability researches
Premium Addons for Elementor (CVE-2024-6495) , Jul 13, 2024
Premium Addons for Elementor (CVE-2024-56225) , Dec 23, 2024
Premium Addons for Elementor (CVE-2024-2664) , Jun 07, 2024
Premium Addons for Elementor (CVE-2021-24257) , Jun 07, 2024
Premium Addons for Elementor (CVE-2024-1242) , Jun 07, 2024
New vulnerability
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2022-4974) , May 07, 2025
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages (CVE-2024-13358) , May 07, 2025
kStats Reloaded (CVE-2025-46440) , May 07, 2025
Group Chat & Video Chat by AtomChat (CVE-2025-31831) , May 07, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2024-39667) , May 07, 2025