SSP Debug WordPress Plugin Sensitive Information Exposure Vulnerability

A vulnerability allowing sensitive information exposure has been identified in the SSP Debug WordPress plugin, affecting all versions up to and including 1.0.0. The vulnerability arises because the plugin saves PHP error logs in a predictable, web-accessible directory within the uploads folder, specifically in 'wp-content/uploads/ssp-debug/ssp-debug.log'. This log file lacks proper access controls, enabling unauthenticated attackers to access sensitive debugging details such as full URLs, client IP addresses, User-Agent strings, WordPress user IDs, and internal filesystem paths.

Impact

Exploitation of this vulnerability allows unauthenticated users to access sensitive information stored in the PHP error logs, which could include details that aid in further attacks or exploitation.

Remediation

There is no known patch available for this vulnerability. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.