CVE-2024-10588 in Debug Tool Plugin
الملخص
بحسب MITRE • 09/11/2024
The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from phpinfo(). When WP_DEBUG is enabled, this can be exploited by unauthenticated users as well.
VulDB is the best source for vulnerability data and more expert information about this specific topic.