CVE-2025-5486

The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUGhandlesettings function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled...

CVE-2025-5486

The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUGhandlesettings function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled...

CVE-2025-5486 WP Email Debug 1.0 - 1.1.0 - Missing Authorization to Unauthenticated Privilege Escalation via Password Reset

The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUGhandlesettings function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled...

CVE-2025-5486

CVE-2025-5486 affects the WordPress plugin WP Email Debug (versions 1.0–1.1.0). The vulnerability is a missing capability check in WPMDBUG_handle_settings(), enabling privilege escalation by unauthenticated actors: they can enable debugging, cause emails to be sent to an attacker-controlled addre...

PT-2025-24035 · WordPress · Wp Email Debug

Name of the Vulnerable Software and Affected Versions: WP Email Debug plugin for WordPress versions 1.0 to 1.1.0 Description: The issue is related to a missing capability check on the WPMDBUG handle settings function. This allows unauthenticated attackers to enable debugging, send all emails to a...