Vulnerabilities and security researches fordebug-functions-time debug-functions-time

Jun 07, 2024

CVE, Research URL: 7e949cf0-63d4-49b0-a81c-e778b3a2d837
Home page URL: Security reports for Find Slow Functions & Actions & Filters & Hooks (Debug Bar)
Application: Find Slow Functions & Actions & Filters & Hooks (Debug Bar)
Date: -
Research Description: Find Slow Functions & Actions & Filters & Hooks (Debug Bar) [debug-functions-time] < 1.41 Multiple Plugins from Puvox.software - Reflected Cross-Site Scripting The plugins do not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting
Affected versions: max 1.41.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: 5ef43d72f656d2e9ea2af708f1348c463f9bc9c0
Home page URL: Security reports for Find Slow Functions & Actions & Filters & Hooks (Debug Bar)
Application: Find Slow Functions & Actions & Filters & Hooks (Debug Bar)
Date: Aug 01, 2022
Research Description: Find Slow Functions & Actions & Filters & Hooks (Debug Bar) [debug-functions-time] < 1.41 Find Slow Functions & Actions & Filters & Hooks <= 1.40 - Reflected Cross-Site Scripting The Find Slow Functions & Actions & Filters & Hooks plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.40 due to the use of add_query_arg/remove_query_arg with insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages via a URL that executes if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 1.41.
Status: vulnerable