cleantalk
Vulnerabilities and Security Researches

System Dashboard, CVE-2025-10377

CVE, Research URL

CVE-2025-10377

Home page URL

Security reports for System Dashboard

Application

System Dashboard

Published on
Sep 26, 2025
Research Description
The System Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.20. This is due to missing nonce validation on the sd_toggle_logs() function. This makes it possible for unauthenticated attackers to toggle critical logging settings including Page Access Logs, Error Logs, and Email Delivery Logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2.8.21.
Status
vulnerable
Previous vulnerability researches
qnotsquiz (CVE-2025-12016) , Nov 10, 2025
New vulnerability
Email Tracker – Email Tracking Plugin to track Emails for Open and Email Links Click (Compatible with WooCommerce) (CVE-2025-10047) , Nov 11, 2025
Advanced Ads – Ad Manager & AdSense (CVE-2025-10487) , Nov 11, 2025
Social proof testimonials and reviews by Repuso (CVE-2025-62071) , Nov 11, 2025
Error Log Viewer by BestWebSoft (CVE-2025-9950) , Nov 11, 2025
Fidelo Snippet (CVE-2025-53351) , Nov 11, 2025