cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score CVE-2022-2354,https://securityvulnerability.io/vulnerability/CVE-2022-2354,WP-DBManager < 2.80.8 - Admin+ Remote Command Execution,"The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should.",Wordpress,WP-dbmanager,7.2,HIGH,0.0011399999493733048,false,,false,false,false,,,false,false,,2022-08-15T08:36:54.000Z,0 CVE-2014-8336,https://securityvulnerability.io/vulnerability/CVE-2014-8336,,"The ""Sql Run Query"" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement.",Wordpress,WP-dbmanager,6.5,MEDIUM,0.0021299999207258224,false,,false,false,false,,,false,false,,2018-01-05T16:00:00.000Z,0 CVE-2014-8335,https://securityvulnerability.io/vulnerability/CVE-2014-8335,,"(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.",Wordpress,WP-dbmanager,7.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2018-01-05T16:00:00.000Z,0 CVE-2014-8334,https://securityvulnerability.io/vulnerability/CVE-2014-8334,,"The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka ""Path to Backup:"" field) or (2) $backup['mysqldumppath'] variable.",Wordpress,WP-dbmanager,,,0.011180000379681587,false,,false,false,false,,,false,false,,2014-10-31T14:00:00.000Z,0