CVE-2024-10588 in Debug Tool Pluginالمعلومات

الملخص

بحسب MITRE • 09/11/2024

The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from phpinfo(). When WP_DEBUG is enabled, this can be exploited by unauthenticated users as well.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

حجز

31/10/2024

إفشاء

09/11/2024

الاعتدال

تمت الموافقة

إدخال

VDB-283548

EPSS

0.00277

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider

المصادر

Do you know our Splunk app?

Download it now for free!