CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6383 – Debug Log Manager < 2.3.0 - Sensitive Logs Exposure
https://notcve.org/view.php?id=CVE-2023-6383
13 Dec 2023 — The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data El complemento Debug Log Manager de WordPress anterior a 2.3.0 contiene una vulnerabilidad de listado de directorio que le permite descargar el registro de depuración sin autorización y obtener acceso a datos confidenciales. The Debug Log Manager plugin for WordPress is vulnerable to Sensitive Informa... • https://wpscan.com/vulnerability/eae63103-3de6-4100-8f48-2bcf9a5c91fb • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5710 – System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_constants)
https://notcve.org/view.php?id=CVE-2023-5710
06 Dec 2023 — The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information such as database credentials. El complemento System Dashboard para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificación d... • https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.7/admin/class-system-dashboard-admin.php#L7930 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5711 – System Dashboard <= 2.8.8 - Missing Authorization to Information Disclosure (sd_php_info)
https://notcve.org/view.php?id=CVE-2023-5711
06 Dec 2023 — The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information provided by PHP info. El complemento System Dashboard para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificación de capacid... • https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.7/admin/class-system-dashboard-admin.php#L1925 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5712 – System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_global_value)
https://notcve.org/view.php?id=CVE-2023-5712
06 Dec 2023 — The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive global value information. El complemento System Dashboard para WordPress es vulnerable al acceso no autorizado a los datos debido a una verificación de capacidad faltante e... • https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.7/admin/class-system-dashboard-admin.php#L7382 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5713 – System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_option_value)
https://notcve.org/view.php?id=CVE-2023-5713
06 Dec 2023 — The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve potentially sensitive option values, and deserialize the content of those values. El complemento System Dashboard para WordPress es vulnerable al acceso no autorizado a los datos deb... • https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.7/admin/class-system-dashboard-admin.php#L6341 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5714 – System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_db_specs)
https://notcve.org/view.php?id=CVE-2023-5714
06 Dec 2023 — The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve data key specs. El complemento System Dashboard para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificación de capacidad en la función sd_db_specs... • https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.7/admin/class-system-dashboard-admin.php#L2942 • CWE-862: Missing Authorization •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5772 – Debug Log Manager <= 2.2.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2023-5772
29 Nov 2023 — The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the clear_log() function. This makes it possible for unauthenticated attackers to clear the debug log via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. El complemento Debug Log Manager para WordPress es vulnerable a Cross-Site Request Forgery en todas las... • https://plugins.trac.wordpress.org/browser/debug-log-manager/tags/2.2.0/classes/class-debug-log.php#L822 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6136 – WordPress Debug Log Manager Plugin <= 2.3.0 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-6136
23 Nov 2023 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.0. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Bowo Debug Log Manager. Este problema afecta a Debug Log Manager: desde n/a hasta 2.3.0. The Debug Log Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_log() function hooked via AJAX in all versi... • https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-2-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •