CVE-2025-10377

Name of the Vulnerable Software and Affected Versions System Dashboard plugin for WordPress versions prior to 2.8.21

Description The System Dashboard plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is caused by a lack of nonce validation in the sd toggle logs() function. An unauthenticated attacker could potentially manipulate critical logging settings—including Page Access Logs, Error Logs, and Email Delivery Logs—by forging a request, provided they can trick a site administrator into performing an action.

Recommendations Update the System Dashboard plugin to version 2.8.21 or later.