Skip to main content

Wp Debugging

2 CVEs product

Monthly

CVE-2026-57350 HIGH This Week

Reflected cross-site scripting in the WP Debugging WordPress plugin (versions 2.12.2 and earlier) lets unauthenticated remote attackers inject arbitrary JavaScript that executes in a victim's browser after they interact with a crafted link or request. Reported by Patchstack and classified CWE-79 with a CVSS 7.1, the flaw carries a scope-change impact meaning injected script can affect the wider WordPress session context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

XSS Wp Debugging
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-24779 MEDIUM POC This Month

The WP Debugging WordPress plugin before 2.11.0 has its update_settings() function hooked to admin_init and is missing any authorisation and CSRF checks, as a result, the settings can be updated by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Authentication Bypass Wp Debugging
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in the WP Debugging WordPress plugin (versions 2.12.2 and earlier) lets unauthenticated remote attackers inject arbitrary JavaScript that executes in a victim's browser after they interact with a crafted link or request. Reported by Patchstack and classified CWE-79 with a CVSS 7.1, the flaw carries a scope-change impact meaning injected script can affect the wider WordPress session context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

XSS Wp Debugging
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The WP Debugging WordPress plugin before 2.11.0 has its update_settings() function hooked to admin_init and is missing any authorisation and CSRF checks, as a result, the settings can be updated by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Authentication Bypass +1
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy