The WP Email Debug plugin for WordPress is vulnerable to...
Critical severity
Unreviewed
Published
Jun 6, 2025
to the GitHub Advisory Database
•
Updated Jun 6, 2025
Description
Published by the National Vulnerability Database
Jun 6, 2025
Published to the GitHub Advisory Database
Jun 6, 2025
Last updated
Jun 6, 2025
The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled address and then trigger a password reset for an administrator to gain access to an administrator account.
References