CVE-2024-35669 – WordPress Debug Log Manager plugin <= 2.3.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-35669
Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1. Vulnerabilidad de autorización faltante en Bowo Debug Log Manager. Este problema afecta a Debug Log Manager: desde n/a hasta 2.3.1. The Debug Log Manager plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the get_latest_entries and disable_wp_file_editor functions in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to get entries and disable the wp file editor. • https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-3-1-broken-access-control-vulnerability-2?_s_id=cve • CWE-862: Missing Authorization •
CVE-2024-33915 – WordPress Debug Log Manager plugin <= 2.3.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33915
Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1. Vulnerabilidad de autorización faltante en Bowo Debug Log Manager. Este problema afecta a Debug Log Manager: desde n/a hasta 2.3.1. The Debug Log Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_debugging function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to toggle debugging. • https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-3-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2024-32582 – WordPress Debug Log Manager plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-32582
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager allows Stored XSS.This issue affects Debug Log Manager: from n/a through 2.3.1. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Bowo Debug Log Manager permite almacenar XSS. Este problema afecta a Debug Log Manager: desde n/a hasta 2.3.1. The Debug Log Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •