Aggregates CVE and security vulnerability intelligence across all wp-dbmanager_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include input validation and SQL injection, with potential impact of unexpected behavior across software deployment use cases.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-2354 | The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should. | [email protected] | 7.2 | 0.77% | 2022-08-15 | 2024-11-21 |
| CVE-2014-8336 | The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement. | [email protected] | 6.5 | 1.23% | 2018-01-05 | 2024-11-21 |
| CVE-2014-8335 | (1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | [email protected] | 7.8 | 0.11% | 2018-01-05 | 2024-11-21 |
| CVE-2014-8334 | The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" field) or (2) $backup['mysqldumppath'] variable. | [email protected] | 6.5 | 4.30% | 2014-10-31 | 2026-05-06 |