WordPress Plugin Vulnerabilities

Debug Log Manager < 2.3.0 - Sensitive Logs Exposure

Description

The plugin contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data

Proof of Concept

https://your_site/wordpress/wp-content/uploads/debug-log-manager/

Affects Plugins

Plugin icon
debug-log-manager
Fixed in 2.3.0

References

CVE
CVE-2023-6383
URL
https://research.cleantalk.org/cve-2023-6383-debug-log-manager-poc/

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200

Miscellaneous

Original Researcher
Dmitrii Ignatyev
Submitter
Dmitrii Ignatyev
Submitter website
https://research.cleantalk.org
Verified
Yes
WPVDB ID
eae63103-3de6-4100-8f48-2bcf9a5c91fb

Timeline

Publicly Published
2023-12-13 (about 5 months ago)
Added
2023-12-13 (about 5 months ago)
Last Updated
2023-12-14 (about 4 months ago)

Other

Published
Title
Published
2021-08-23
Title
Timetable and Event Schedule by MotoPress < 2.4.0 - Arbitrary User's Hashed Password/Email/Username Disclosure
Published
2022-02-10
Title
wpDiscuz < 7.3.12 - Sensitive Information Disclosure
Published
2023-07-10
Title
LMS by Masteriyo < 1.6.8 - Information Exposure
Published
2020-08-20
Title
Advanced Access Manager < 6.6.2 - Authenticated Information Disclosure
Published
2021-09-22
Title
Ninja Forms < 3.5.8 - Unprotected REST-API to Sensitive Information Disclosure