CVE-2025-13494

The CVE covers the WordPress plugin SSP Debug (WordPress SSP Debugging) with versions up to and including 1.0.0. Root cause: the plugin stores PHP error logs in a web-accessible location (wp-content/uploads/ssp-debug/ssp-debug.log) without access controls. Impact: unauthenticated attackers can vi...

Enter: Server responds with the server error logs on account creation

Impact Poorly protected response can provide a gold mine of information to an attacker, disclosing a host of sensitive information such as function and file names. This information may enable the attacker to immediately or later compromise the entire application. PoC 1. Create a new wallet. 2...