3 results (0.001 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1. Vulnerabilidad de autorización faltante en Bowo Debug Log Manager. Este problema afecta a Debug Log Manager: desde n/a hasta 2.3.1. The Debug Log Manager plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the get_latest_entries and disable_wp_file_editor functions in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to get entries and disable the wp file editor. • https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-3-1-broken-access-control-vulnerability-2?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1. Vulnerabilidad de autorización faltante en Bowo Debug Log Manager. Este problema afecta a Debug Log Manager: desde n/a hasta 2.3.1. The Debug Log Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_debugging function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to toggle debugging. • https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-3-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager allows Stored XSS.This issue affects Debug Log Manager: from n/a through 2.3.1. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Bowo Debug Log Manager permite almacenar XSS. Este problema afecta a Debug Log Manager: desde n/a hasta 2.3.1. The Debug Log Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •