Vulnerabilities > WP Dbmanager Project

DATE CVE VULNERABILITY TITLE RISK
2022-08-15 CVE-2022-2354 Incorrect Authorization vulnerability in Wp-Dbmanager Project Wp-Dbmanager
The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should.
network
low complexity
wp-dbmanager-project CWE-863
7.2
2018-01-05 CVE-2014-8336 Improper Input Validation vulnerability in Wp-Dbmanager Project Wp-Dbmanager
The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement.
network
low complexity
wp-dbmanager-project CWE-20
6.5
2018-01-05 CVE-2014-8335 Credentials Management vulnerability in Wp-Dbmanager Project Wp-Dbmanager
(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
local
low complexity
wp-dbmanager-project CWE-255
7.8