cleantalk
Vulnerabilities and Security Researches

Debug Bar – Enable WP_DEBUG from admin dashboard, ab5bf8f0b6e5857005818027b088dbbda4126789

CVE, Research URL

ab5bf8f0b6e5857005818027b088dbbda4126789

Home page URL

Security reports for Debug Bar – Enable WP_DEBUG from admin dashboard

Application

Debug Bar – Enable WP_DEBUG from admin dashboard

Published on
Aug 01, 2022
Research Description
Debug Bar &#8211; Enable WP_DEBUG from admin dashboard [enable-wp-debug-from-admin-dashboard] < 1.86 Debug Bar <= 1.85 - Reflected Cross-Site Scripting The Debug Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.85 due to the use of add_query_arg/remove_query_arg with insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages via a URL that executes if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 1.86.
Status
vulnerable
Previous vulnerability researches
WP-Appbox (CVE-2025-1489) , Feb 24, 2025
WP-Appbox (b78e4a3b-e432-4968-8b83-125f3bac15cd) , Jun 16, 2026
WP-Appbox (38323495c61fe870f9687d2fb34e8fdaa47f2cea) , Jun 16, 2026
WP-Appbox (cec60394318af09fd303e279df20a93f055a959c) , Jun 16, 2026
WP-Appbox (CVE-2024-12710) , Dec 25, 2024
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026