Directory Listing Vulnerability in WordPress Debug Log Manager Plugin
CVE-2023-6383

7.5HIGH

Key Information:

Vendor

Wordpress
Status
Debug Log Manager
Vendor
CVE Published:
8 January 2024

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2023-6383?

The Debug Log Manager plugin for WordPress, prior to version 2.3.0, contains a vulnerability that exposes the debug log file without proper authorization controls. This directory listing vulnerability enables unauthorized users to download the debug log, potentially disclosing sensitive information. By exploiting this vulnerability, attackers may gain access to critical data that could compromise the integrity of the affected WordPress installations. It is essential for users to update to the latest version of the plugin to mitigate the risks associated with this security flaw.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Debug Log Manager 0 < 2.3.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-6383 - Proof of Concept

References

https://wpscan.com/vulnerability/eae63103-3de6-4100-8f48-...
exploitvdb-entrytechnical-description

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

JSON
.