Vulnerabilities and security researches forenable-wp-debug-from-admin-dashboard enable-wp-debug-from-admin-dashboard

Jun 16, 2026

CVE, Research URL: ab5bf8f0b6e5857005818027b088dbbda4126789
Home page URL: Security reports for Debug Bar – Enable WP_DEBUG from admin dashboard
Application: Debug Bar – Enable WP_DEBUG from admin dashboard
Date: Aug 01, 2022
Research Description: Debug Bar – Enable WP_DEBUG from admin dashboard [enable-wp-debug-from-admin-dashboard] < 1.86 Debug Bar <= 1.85 - Reflected Cross-Site Scripting The Debug Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.85 due to the use of add_query_arg/remove_query_arg with insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages via a URL that executes if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 1.86.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: 7e949cf0-63d4-49b0-a81c-e778b3a2d837
Home page URL: Security reports for Debug Bar – Enable WP_DEBUG from admin dashboard
Application: Debug Bar – Enable WP_DEBUG from admin dashboard
Date: -
Research Description: Debug Bar – Enable WP_DEBUG from admin dashboard [enable-wp-debug-from-admin-dashboard] < 1.86 Multiple Plugins from Puvox.software - Reflected Cross-Site Scripting The plugins do not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting
Affected versions: max 1.86.
Status: vulnerable