Search criteria
12 vulnerabilities found for debug_log_manager by bowo
FKIE_CVE-2024-35669
Vulnerability from fkie_nvd - Published: 2024-06-09 12:15 - Updated: 2024-11-26 16:52
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bowo | debug_log_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bowo:debug_log_manager:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "AD1B7590-42B1-4C08-977D-7BD58DEB1E11",
"versionEndExcluding": "2.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Bowo Debug Log Manager. Este problema afecta a Debug Log Manager: desde n/a hasta 2.3.1."
}
],
"id": "CVE-2024-35669",
"lastModified": "2024-11-26T16:52:35.567",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-09T12:15:14.197",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-3-1-broken-access-control-vulnerability-2?_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-3-1-broken-access-control-vulnerability-2?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "audit@patchstack.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-6383
Vulnerability from fkie_nvd - Published: 2024-01-08 19:15 - Updated: 2025-04-17 18:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data
References
| URL | Tags | ||
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/eae63103-3de6-4100-8f48-2bcf9a5c91fb | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/eae63103-3de6-4100-8f48-2bcf9a5c91fb | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bowo | debug_log_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bowo:debug_log_manager:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "622D4D91-19A8-4BE9-9CA9-11B7AA14192C",
"versionEndExcluding": "2.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data"
},
{
"lang": "es",
"value": "El complemento Debug Log Manager de WordPress anterior a 2.3.0 contiene una vulnerabilidad de listado de directorio que le permite descargar el registro de depuraci\u00f3n sin autorizaci\u00f3n y obtener acceso a datos confidenciales."
}
],
"id": "CVE-2023-6383",
"lastModified": "2025-04-17T18:15:46.343",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-01-08T19:15:10.183",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/eae63103-3de6-4100-8f48-2bcf9a5c91fb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/eae63103-3de6-4100-8f48-2bcf9a5c91fb"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-6136
Vulnerability from fkie_nvd - Published: 2023-11-30 14:15 - Updated: 2024-11-21 08:43
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bowo | debug_log_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bowo:debug_log_manager:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "DAD0EB36-A3C4-42AF-820C-919E787E5C2F",
"versionEndExcluding": "2.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.0.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Bowo Debug Log Manager. Este problema afecta a Debug Log Manager: desde n/a hasta 2.3.0."
}
],
"id": "CVE-2023-6136",
"lastModified": "2024-11-21T08:43:12.523",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-30T14:15:14.983",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-2-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-2-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-5772
Vulnerability from fkie_nvd - Published: 2023-11-30 04:15 - Updated: 2024-11-21 08:42
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the clear_log() function. This makes it possible for unauthenticated attackers to clear the debug log via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bowo | debug_log_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bowo:debug_log_manager:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "599998F9-965D-4DF6-ADCA-3F0B63F922D3",
"versionEndIncluding": "2.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the clear_log() function. This makes it possible for unauthenticated attackers to clear the debug log via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Debug Log Manager para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 2.2.1 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n clear_log(). Esto hace posible que atacantes no autenticados borre el registro de depuraci\u00f3n mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"id": "CVE-2023-5772",
"lastModified": "2024-11-21T08:42:27.523",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-30T04:15:08.090",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Release Notes"
],
"url": "https://plugins.trac.wordpress.org/browser/debug-log-manager/tags/2.2.0/classes/class-debug-log.php#L822"
},
{
"source": "security@wordfence.com",
"tags": [
"Release Notes"
],
"url": "https://plugins.trac.wordpress.org/browser/debug-log-manager/tags/2.2.2/classes/class-debug-log.php#L828"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e539549-1125-4b0e-aa3c-c8844041c23a?source=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://plugins.trac.wordpress.org/browser/debug-log-manager/tags/2.2.0/classes/class-debug-log.php#L822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://plugins.trac.wordpress.org/browser/debug-log-manager/tags/2.2.2/classes/class-debug-log.php#L828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e539549-1125-4b0e-aa3c-c8844041c23a?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-35669 (GCVE-0-2024-35669)
Vulnerability from cvelistv5 – Published: 2024-06-09 11:55 – Updated: 2024-08-02 03:14
VLAI?
Title
WordPress Debug Log Manager plugin <= 2.3.1 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bowo | Debug Log Manager |
Affected:
n/a , ≤ 2.3.1
(custom)
|
Credits
Majed Refaea (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35669",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T14:13:23.794112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T14:13:29.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:14:53.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-3-1-broken-access-control-vulnerability-2?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "debug-log-manager",
"product": "Debug Log Manager",
"vendor": "Bowo",
"versions": [
{
"changes": [
{
"at": "2.3.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.3.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Majed Refaea (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Bowo Debug Log Manager.\u003cp\u003eThis issue affects Debug Log Manager: from n/a through 2.3.1.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-09T11:55:09.155Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-3-1-broken-access-control-vulnerability-2?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.3.2 or a higher version."
}
],
"value": "Update to 2.3.2 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Debug Log Manager plugin \u003c= 2.3.1 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-35669",
"datePublished": "2024-06-09T11:55:09.155Z",
"dateReserved": "2024-05-17T10:08:34.666Z",
"dateUpdated": "2024-08-02T03:14:53.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6383 (GCVE-0-2023-6383)
Vulnerability from cvelistv5 – Published: 2024-01-08 19:00 – Updated: 2025-04-17 18:07
VLAI?
Title
Debug Log Manager < 2.3.0 - Sensitive Logs Exposure
Summary
The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data
Severity ?
7.5 (High)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Debug Log Manager |
Affected:
0 , < 2.3.0
(semver)
|
Credits
Dmitrii Ignatyev
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/eae63103-3de6-4100-8f48-2bcf9a5c91fb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-6383",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-10T15:40:37.131991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T18:07:00.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Debug Log Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.3.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-08T19:00:34.142Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/eae63103-3de6-4100-8f48-2bcf9a5c91fb"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Debug Log Manager \u003c 2.3.0 - Sensitive Logs Exposure",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-6383",
"datePublished": "2024-01-08T19:00:34.142Z",
"dateReserved": "2023-11-29T15:20:50.830Z",
"dateUpdated": "2025-04-17T18:07:00.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6136 (GCVE-0-2023-6136)
Vulnerability from cvelistv5 – Published: 2023-11-30 14:14 – Updated: 2024-08-02 08:21
VLAI?
Title
WordPress Debug Log Manager Plugin <= 2.3.0 is vulnerable to Sensitive Data Exposure
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.0.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bowo | Debug Log Manager |
Affected:
n/a , ≤ 2.3.0
(custom)
|
Credits
Joshua Chan (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-2-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "debug-log-manager",
"product": "Debug Log Manager",
"vendor": "Bowo",
"versions": [
{
"changes": [
{
"at": "2.3.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.3.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joshua Chan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.\u003cp\u003eThis issue affects Debug Log Manager: from n/a through 2.3.0.\u003c/p\u003e"
}
],
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.0.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T14:14:32.153Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-2-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;2.3.1 or a higher version."
}
],
"value": "Update to\u00a02.3.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Debug Log Manager Plugin \u003c= 2.3.0 is vulnerable to Sensitive Data Exposure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-6136",
"datePublished": "2023-11-30T14:14:32.153Z",
"dateReserved": "2023-11-14T22:17:55.106Z",
"dateUpdated": "2024-08-02T08:21:17.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5772 (GCVE-0-2023-5772)
Vulnerability from cvelistv5 – Published: 2023-11-30 03:32 – Updated: 2024-08-02 08:07
VLAI?
Summary
The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the clear_log() function. This makes it possible for unauthenticated attackers to clear the debug log via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| qriouslad | Debug Log Manager |
Affected:
* , ≤ 2.2.1
(semver)
|
Credits
Dmitrii Ignatyev
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e539549-1125-4b0e-aa3c-c8844041c23a?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/debug-log-manager/tags/2.2.0/classes/class-debug-log.php#L822"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/debug-log-manager/tags/2.2.2/classes/class-debug-log.php#L828"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Debug Log Manager",
"vendor": "qriouslad",
"versions": [
{
"lessThanOrEqual": "2.2.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the clear_log() function. This makes it possible for unauthenticated attackers to clear the debug log via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T03:32:49.964Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e539549-1125-4b0e-aa3c-c8844041c23a?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/debug-log-manager/tags/2.2.0/classes/class-debug-log.php#L822"
},
{
"url": "https://plugins.trac.wordpress.org/browser/debug-log-manager/tags/2.2.2/classes/class-debug-log.php#L828"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-29T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-5772",
"datePublished": "2023-11-30T03:32:49.964Z",
"dateReserved": "2023-10-25T22:04:46.513Z",
"dateUpdated": "2024-08-02T08:07:32.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35669 (GCVE-0-2024-35669)
Vulnerability from nvd – Published: 2024-06-09 11:55 – Updated: 2024-08-02 03:14
VLAI?
Title
WordPress Debug Log Manager plugin <= 2.3.1 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bowo | Debug Log Manager |
Affected:
n/a , ≤ 2.3.1
(custom)
|
Credits
Majed Refaea (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35669",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T14:13:23.794112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T14:13:29.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:14:53.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-3-1-broken-access-control-vulnerability-2?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "debug-log-manager",
"product": "Debug Log Manager",
"vendor": "Bowo",
"versions": [
{
"changes": [
{
"at": "2.3.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.3.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Majed Refaea (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Bowo Debug Log Manager.\u003cp\u003eThis issue affects Debug Log Manager: from n/a through 2.3.1.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-09T11:55:09.155Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-3-1-broken-access-control-vulnerability-2?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.3.2 or a higher version."
}
],
"value": "Update to 2.3.2 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Debug Log Manager plugin \u003c= 2.3.1 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-35669",
"datePublished": "2024-06-09T11:55:09.155Z",
"dateReserved": "2024-05-17T10:08:34.666Z",
"dateUpdated": "2024-08-02T03:14:53.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6383 (GCVE-0-2023-6383)
Vulnerability from nvd – Published: 2024-01-08 19:00 – Updated: 2025-04-17 18:07
VLAI?
Title
Debug Log Manager < 2.3.0 - Sensitive Logs Exposure
Summary
The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data
Severity ?
7.5 (High)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Debug Log Manager |
Affected:
0 , < 2.3.0
(semver)
|
Credits
Dmitrii Ignatyev
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/eae63103-3de6-4100-8f48-2bcf9a5c91fb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-6383",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-10T15:40:37.131991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T18:07:00.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Debug Log Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.3.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-08T19:00:34.142Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/eae63103-3de6-4100-8f48-2bcf9a5c91fb"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Debug Log Manager \u003c 2.3.0 - Sensitive Logs Exposure",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-6383",
"datePublished": "2024-01-08T19:00:34.142Z",
"dateReserved": "2023-11-29T15:20:50.830Z",
"dateUpdated": "2025-04-17T18:07:00.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6136 (GCVE-0-2023-6136)
Vulnerability from nvd – Published: 2023-11-30 14:14 – Updated: 2024-08-02 08:21
VLAI?
Title
WordPress Debug Log Manager Plugin <= 2.3.0 is vulnerable to Sensitive Data Exposure
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.0.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bowo | Debug Log Manager |
Affected:
n/a , ≤ 2.3.0
(custom)
|
Credits
Joshua Chan (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-2-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "debug-log-manager",
"product": "Debug Log Manager",
"vendor": "Bowo",
"versions": [
{
"changes": [
{
"at": "2.3.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.3.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joshua Chan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.\u003cp\u003eThis issue affects Debug Log Manager: from n/a through 2.3.0.\u003c/p\u003e"
}
],
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.0.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T14:14:32.153Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-2-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;2.3.1 or a higher version."
}
],
"value": "Update to\u00a02.3.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Debug Log Manager Plugin \u003c= 2.3.0 is vulnerable to Sensitive Data Exposure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-6136",
"datePublished": "2023-11-30T14:14:32.153Z",
"dateReserved": "2023-11-14T22:17:55.106Z",
"dateUpdated": "2024-08-02T08:21:17.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5772 (GCVE-0-2023-5772)
Vulnerability from nvd – Published: 2023-11-30 03:32 – Updated: 2024-08-02 08:07
VLAI?
Summary
The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the clear_log() function. This makes it possible for unauthenticated attackers to clear the debug log via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| qriouslad | Debug Log Manager |
Affected:
* , ≤ 2.2.1
(semver)
|
Credits
Dmitrii Ignatyev
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e539549-1125-4b0e-aa3c-c8844041c23a?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/debug-log-manager/tags/2.2.0/classes/class-debug-log.php#L822"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/debug-log-manager/tags/2.2.2/classes/class-debug-log.php#L828"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Debug Log Manager",
"vendor": "qriouslad",
"versions": [
{
"lessThanOrEqual": "2.2.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the clear_log() function. This makes it possible for unauthenticated attackers to clear the debug log via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T03:32:49.964Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e539549-1125-4b0e-aa3c-c8844041c23a?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/debug-log-manager/tags/2.2.0/classes/class-debug-log.php#L822"
},
{
"url": "https://plugins.trac.wordpress.org/browser/debug-log-manager/tags/2.2.2/classes/class-debug-log.php#L828"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-29T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-5772",
"datePublished": "2023-11-30T03:32:49.964Z",
"dateReserved": "2023-10-25T22:04:46.513Z",
"dateUpdated": "2024-08-02T08:07:32.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}