1 results (0.003 seconds)
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-5486 – WP Email Debug 1.0 - 1.1.0 - Missing Authorization to Unauthenticated Privilege Escalation via Password Reset
https://notcve.org/view.php?id=CVE-2025-5486
05 Jun 2025 — The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled address and then trigger a password reset for an administrator to gain access to an administrator account. • https://www.wordfence.com/threat-intel/vulnerabilities/id/d3af64a2-3bd6-47af-919e-00c5249dcc74?source=cve • CWE-862: Missing Authorization •