WordPress Plugin Vulnerabilities

Debug < 1.11 - CSRF

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins perform unwanted actions, such as clear logs, via CSRF attacks

Affects Plugins

Plugin icon
debug
Fixed in 1.11

References

CVE
CVE-2024-24798
URL
https://patchstack.com/database/vulnerability/debug/wordpress-debug-plugin-1-10-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Nguyen Xuan Chien
Verified
Yes
WPVDB ID
601a335e-7e59-4e17-a250-ec9e87370ee2

Timeline

Publicly Published
2024-01-31 (about 2 years ago)
Added
2024-02-05 (about 2 years ago)
Last Updated
2024-04-01 (about 1 year ago)

Other

Published
Title
Published
2023-03-03
Title
Resize at Upload Plus <= 1.3 - Cross-Site Request Forgery (CSRF)
Published
2025-01-16
Title
WP Cookies Alert <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-07-11
Title
WooCommerce Customers Manager < 30.1 - User Deletion via CSRF
Published
2021-08-06
Title
WP Fusion Lite < 3.37.30 - CSRF to Data Deletion
Published
2024-05-06
Title
KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF