497 matches found
CVE-2023-5772
CVE-2023-5772 affects the WordPress plugin Debug Log Manager. The vulnerability is a Cross-Site Request Forgery (CSRF) in the clear_log() function, allowing unauthenticated attackers to trigger log clearing if a site admin can be tricked into performing an action. Affected versions are all up to...
WordPress plugin Debug Log Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Debug Log Manager Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Debug Log Manager; Type: Plugin; Vulnerable versions: <= 2.2.1; Fixed in: 2.2.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-5772; Patch priority: Low; CVSS severity: Low (4.3); PSID: f9180ed4b5d0; Credits: Dmitrii Ignatyev...
PT-2023-32314 · WordPress · Debug Log Manager
Name of the Vulnerable Software and Affected Versions: Debug Log Manager plugin for WordPress versions up to, and including, 2.2.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the clear log function. This allows unauthenticated...
PT-2023-27531
Name of the Vulnerable Software and Affected Versions: EWWW Image Optimizer versions through 7.2.0 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. It only occurs when the debug.log is turned on. Recommendations: For versions through 7.2.0, turn of...
GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability
The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program known as PrCtrl Rat that's capable of remotely commandeering the infected hosts. The attacks involve th...
Debug Log Manager < 2.2.2 - Subscriber+ Debug Log Clearing
Description: The plugin does not have authorisation when clearing debug logs, allowing any authenticated user, such as a subscriber, to perform such action...
EWWW Image Optimizer < 7.2.1 - Unauthenticated Sensitive Information Exposure via Debug Log
Description: The EWWW Image Optimizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.0 via the debuglog function. This makes it possible for unauthenticated attackers to extract sensitive debug data when debug logging is enabled...
ProfilePress < 4.13.3 - Information Disclosure via Debug Log
Description: The ProfilePress plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.13.2 via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system error...
WordPress Debug Log Manager Plugin <= 2.3.0 is vulnerable to Sensitive Data Exposure
Software: Debug Log Manager; Type: Plugin; Vulnerable versions: <= 2.3.0; Fixed in: 2.3.1; OWASP Top 10: A9: Security Logging and Monitoring Failures; Classification: Sensitive Data Exposure; CVE: CVE-2023-6136; Patch priority: Low; CVSS severity: Low (5.3); PSID: 1d071b872ee6; Credits: Joshua...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Ewww Image_Optimizer
CVE-2023-40600 EWWW Image Optimizer <= 7.2.0 - Unauthentica...
Design/Logic Flaw
An insertion of sensitive information into log file vulnerability CWE-532 in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, versi...
CVE-2023-45585
An insertion of sensitive information into log file vulnerability CWE-532 in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, versi...
CVE-2023-45875
An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster...
PYSEC-2023-235
An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster...
PT-2023-29738 · Couchbase · Couchbase Server
Name of the Vulnerable Software and Affected Versions: Couchbase Server version 7.2.0 Description: An issue was discovered in Couchbase Server where there is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster. Recommendations: For Couchbase Server version 7.2.0, consider...
Couchbase Server Security Vulnerability
Couchbase Server is a distributed open-source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text search and active global replication. A security vulnerability exists in Couchbase Server version 7.2.0, which stems from a private key leak in debug.log...