Vulnerabilities and security researches forwp-email-debug wp-email-debug

Jun 15, 2025

CVE, Research URL: CVE-2025-5486
Home page URL: Security reports for WP Email Debug
Application: WP Email Debug
Date: Jun 06, 2025
Research Description: The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled address and then trigger a password reset for an administrator to gain access to an administrator account.
Affected versions: Min -, max -.
Status: vulnerable