WordPress Debug Log Manager Plugin <= 2.3.0 is vulnerable to Sensitive Data Exposure
CVE-2023-6136

7.5HIGH

Key Information:

Vendor: WordPress
Status: Debug Log Manager
Vendor: CVE Published:; 30 November 2023

What is CVE-2023-6136?

The Bowo Debug Log Manager plugin for WordPress has a vulnerability that allows unauthorized actors to access sensitive information through log files. This issue affects all versions up to and including 2.3.0, potentially exposing critical data that could be exploited for malicious purposes. Users are advised to update to the latest version and implement security measures to protect sensitive information.

Affected Version(s)

Debug Log Manager <= 2.3.0

References

https://patchstack.com/database/vulnerability/debug-log-m...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 30, 2023
Vulnerability Reserved
Nov 14, 2023

Credit

Joshua Chan (Patchstack Alliance)