18 matches found
CVE-2025-9517
The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This is due to insufficient sanitization when saving the custom log path. This makes it possible for authenticated attackers, with...
CVE-2025-9518
The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation on the 'debugpath' parameter in all versions up to, and including, 1.2.22. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete...
CVE-2025-9518
The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation on the 'debugpath' parameter in all versions up to, and including, 1.2.22. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete...
CVE-2025-9516
The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view the contents of files outside of the original...
CVE-2025-9517 atec Debug <= 1.2.22 - Authenticated (Administrator+) Remote Code Execution
The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This is due to insufficient sanitization when saving the custom log path. This makes it possible for authenticated attackers, with...
CVE-2025-9517 atec Debug <= 1.2.22 - Authenticated (Administrator+) Remote Code Execution
The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This is due to insufficient sanitization when saving the custom log path. This makes it possible for authenticated attackers, with...
CVE-2025-9516 atec Debug <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Read
The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view the contents of files outside of the original...
CVE-2025-9517
CVE-2025-9517 : atec Debug plugin for WordPress (versions ≤ 1.2.22) is vulnerable to remote code execution via the vulnerable custom_log path handling. The root cause is insufficient sanitization when saving the custom_log path, enabling an authenticated attacker with Administrator+ privileges to...
CVE-2025-9516 atec Debug <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Read
The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view the contents of files outside of the original...
CVE-2025-9518
CVE-2025-9518 covers the atec Debug WordPress plugin (versions ≤ 1.2.22). The flaw is insufficient validation of the debug_path parameter, enabling authenticated users with Administrator+ rights to arbitrarily delete files (e.g., wp-config.php). This could facilitate remote code execution. The Wo...
CVE-2025-9518 atec Debug <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Deletion
The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation on the 'debugpath' parameter in all versions up to, and including, 1.2.22. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete...
CVE-2025-9518 atec Debug <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Deletion
The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation on the 'debugpath' parameter in all versions up to, and including, 1.2.22. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete...
WordPress plugin atec Debug 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...
WordPress plugin atec Debug 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin atec Debug 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress atec Debug plugin <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Deletion vulnerability
Authenticated Administrator+ Arbitrary File Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin atec Debug versions = 1.2.22...
WordPress atec Debug plugin <= 1.2.22 - Authenticated (Administrator+) Remote Code Execution vulnerability
Authenticated Administrator+ Remote Code Execution vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin atec Debug versions = 1.2.22...
WordPress atec Debug plugin <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Read vulnerability
Authenticated Administrator+ Arbitrary File Read vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin atec Debug versions = 1.2.22...