CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35669 – WordPress Debug Log Manager plugin <= 2.3.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-35669
03 Jun 2024 — Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1. Vulnerabilidad de autorización faltante en Bowo Debug Log Manager. Este problema afecta a Debug Log Manager: desde n/a hasta 2.3.1. The Debug Log Manager plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the get_latest_entries and disable_wp_file_editor functions in versions up to, and including, 2.3.1. This makes it... • https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-3-1-broken-access-control-vulnerability-2?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33915 – WordPress Debug Log Manager plugin <= 2.3.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33915
29 Apr 2024 — Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1. Vulnerabilidad de autorización faltante en Bowo Debug Log Manager. Este problema afecta a Debug Log Manager: desde n/a hasta 2.3.1. The Debug Log Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_debugging function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, wi... • https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-3-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32582 – WordPress Debug Log Manager plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-32582
16 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager allows Stored XSS.This issue affects Debug Log Manager: from n/a through 2.3.1. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Bowo Debug Log Manager permite almacenar XSS. Este problema afecta a Debug Log Manager: desde n/a hasta 2.3.1. The Debug Log Manager plugin for WordPress is vulnerable to Stored Cro... • https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6383 – Debug Log Manager < 2.3.0 - Sensitive Logs Exposure
https://notcve.org/view.php?id=CVE-2023-6383
13 Dec 2023 — The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data El complemento Debug Log Manager de WordPress anterior a 2.3.0 contiene una vulnerabilidad de listado de directorio que le permite descargar el registro de depuración sin autorización y obtener acceso a datos confidenciales. The Debug Log Manager plugin for WordPress is vulnerable to Sensitive Informa... • https://wpscan.com/vulnerability/eae63103-3de6-4100-8f48-2bcf9a5c91fb • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5772 – Debug Log Manager <= 2.2.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2023-5772
29 Nov 2023 — The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the clear_log() function. This makes it possible for unauthenticated attackers to clear the debug log via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. El complemento Debug Log Manager para WordPress es vulnerable a Cross-Site Request Forgery en todas las... • https://plugins.trac.wordpress.org/browser/debug-log-manager/tags/2.2.0/classes/class-debug-log.php#L822 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6136 – WordPress Debug Log Manager Plugin <= 2.3.0 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-6136
23 Nov 2023 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.0. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Bowo Debug Log Manager. Este problema afecta a Debug Log Manager: desde n/a hasta 2.3.0. The Debug Log Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_log() function hooked via AJAX in all versi... • https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-2-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •