WP Email Debug Privilege Escalation Vulnerability Allowing Unauthenticated Access to Administrator Accounts
Vulnerability
A privilege escalation vulnerability has been identified in the WP Email Debug plugin for WordPress, affecting versions 1.0 through 1.1.0. The issue arises from a missing capability check in the WPMDBUG_handle_settings() function, allowing unauthenticated attackers to enable debugging, redirect all emails to an attacker-controlled address, and trigger a password reset for an administrator, potentially leading to unauthorized access to the administrator account.
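A settings handler for a mail-debugging plugin of this kind with the missing authorization step in place, as an added example (not the WP Email Debug source). The function name, option names, form field names and the use of the `admin_init` hook are assumptions made for illustration.

```php
<?php
// Hypothetical handler; every "example_" name is constructed for this sketch.
add_action( 'admin_init', 'example_mail_debug_handle_settings' );

function example_mail_debug_handle_settings() {
    // Only act on this plugin's own settings form submission.
    if ( ! isset( $_POST['example_mail_debug_submit'] ) ) {
        return;
    }

    // 1. Capability check: the step the advisory reports as missing.
    //    admin_init also runs for requests from visitors who are not
    //    logged in, so reaching this function proves nothing about privilege.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die(
            'You are not allowed to change these settings.',
            '',
            array( 'response' => 403 )
        );
    }

    // 2. Nonce check: binds the request to a form rendered for this user,
    //    so a logged-in administrator cannot be tricked into submitting it.
    check_admin_referer( 'example_mail_debug_save', 'example_mail_debug_nonce' );

    // 3. Validate the redirect address before it can affect outgoing mail.
    $enabled = ! empty( $_POST['example_mail_debug_enabled'] );
    $address = isset( $_POST['example_mail_debug_to'] )
        ? sanitize_email( wp_unslash( $_POST['example_mail_debug_to'] ) )
        : '';

    if ( $enabled && ! is_email( $address ) ) {
        add_settings_error(
            'example_mail_debug',
            'invalid_address',
            'Enter a valid address before enabling mail redirection.',
            'error'
        );
        return;
    }

    update_option( 'example_mail_debug_enabled', $enabled ? '1' : '0' );
    update_option( 'example_mail_debug_to', $address );
}
```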
Impact
Exploitation of this vulnerability could result in unauthorized access to an administrator account on the WordPress site.
Added: Jun 6, 2025, 7:28 AM
Updated: Jun 6, 2025, 7:28 AM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 8.1
remediation: 0.0
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 5.8
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
