CVE-2023-5772
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Nov 30, 2023
Updated: Dec 5, 2023
CWE ID 352
Summary
CVE-2023-5772 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Debug Log Manager plugin for WordPress. Versions up to and including 2.2.1 are vulnerable due to insufficient nonce validation on the clear_log() function. This issue allows unauthenticated attackers to clear the debug log by tricking site administrators into executing a malicious request, potentially putting sensitive information at risk. Users are urged to update to the latest plugin version as soon as possible to mitigate this vulnerability.
Affected Products
- Bowo Debug Log Manager
Affected Vendors
- Bowo