WordPress Plugin Vulnerabilities

Debug Log Manager < 2.2.2 - Debug Log Clearing via CSRF

Description

The plugin does not have CSRF checks when clearing debug logs, which could allow attackers to make logged in admins perform such action via a CSRF attack

Affects Plugins

Plugin icon
debug-log-manager
Fixed in 2.2.2

References

CVE
CVE-2023-5772
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/7e539549-1125-4b0e-aa3c-c8844041c23a

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (Medium)

Miscellaneous

Original Researcher
Dmitrii Ignatyev
Verified
No
WPVDB ID
9cc69ed3-7604-4a8b-b3db-c99db5b5c6ac

Timeline

Publicly Published
2023-11-29 (about 2 years ago)
Added
2023-11-30 (about 2 years ago)
Last Updated
2023-11-30 (about 2 years ago)

Other

Published
Title
Published
2026-01-06
Title
HelpDesk contact form plugin < 1.1.6 - Cross-Site Request Forgery to Settings Update via handle_query_args
Published
2023-12-27
Title
Easy PayPal Buy Now Button < 1.8.2 - Cross-Site Request Forgery
Published
2022-06-01
Title
Social Share Buttons by Supsystic < 2.2.4 - Multiple CSRF
Published
2025-01-16
Title
Twitter Shortcode <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-09-22
Title
WP Attractive Donations System < 1.29 - Cross-Site Request Forgery