Debug Log Manager < 2.2.2 - Subscriber+ Debug Log Clearing

2023-11-2800:00:00

wpscan.com

debug log manager

authorization

clearing

software

security

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

37.2%

JSON

Description The plugin does not have authorisation when clearing debug logs, allowing any authenticated users, such as subscriber to perform such action

References

research.cleantalk.org/cve-2023-6136-debug-log-manager-missing-authorization-csrf/

www.wordfence.com/threat-intel/vulnerabilities/id/33a54cae-0fa3-4c25-bf81-8423f5e01e84