WordPress Plugin Vulnerabilities

Debug Log Manager < 2.3.0 - Sensitive Logs Exposure

Description

The plugin contains a Directory listing vulnerability, which allows unauthenticated users to download the debug log without authorization and gain access to sensitive data

Proof of Concept

Affects Plugins

Plugin icon
debug-log-manager
Fixed in 2.3.0

References

CVE
CVE-2023-6383
URL
https://research.cleantalk.org/cve-2023-6383-debug-log-manager-poc/

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Dmitrii Ignatyev
Submitter
Dmitrii Ignatyev
Submitter website
https://research.cleantalk.org
Verified
Yes
WPVDB ID
eae63103-3de6-4100-8f48-2bcf9a5c91fb

Timeline

Publicly Published
2023-12-13 (about 2 years ago)
Added
2023-12-13 (about 2 years ago)
Last Updated
2024-08-29 (about 1 year ago)

Other

Published
Title
Published
2025-03-31
Title
GTM Kit < 2.4.1 - Unauthenticated Sensitive Information Exposure
Published
2023-10-13
Title
Libsyn Publisher Hub <= 1.4.4 - Sensitive Information Exposure
Published
2024-08-16
Title
Contest Gallery < 23.1.3 - Unauthenticated Information Exposure
Published
2024-10-30
Title
Stacks Mobile App Builder <= 5.2.3 - Unauthenticated Sensitive Information Disclosure
Published
2024-04-01
Title
WPFront User Role Editor < 4.1.0 - Limited Information Exposure