Primary

Context

WordPress atec Debug Plugin Arbitrary File Read Vulnerability

Vulnerability

A vulnerability allowing arbitrary file read has been identified in the atec Debug plugin for WordPress, affecting all versions through 1.2.22. This vulnerability arises from the 'custom_log' parameter, enabling authenticated attackers with Administrator-level access to view file contents outside the intended directory.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive file contents on the server.

Reproduction

To reproduce this vulnerability, an authenticated user with Administrator privileges can send a request to the WordPress site with the 'custom_log' parameter. This parameter can be used to specify a file path, allowing the user to read files outside the normal directory restrictions.

Remediation

Users are advised to update the atec Debug plugin to version 1.2.23 or later.

Added: Sep 4, 2025, 11:18 AM

Updated: Sep 4, 2025, 6:05 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.8

remediation

7.7

relevance

0.4

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.8

remediation

7.7

relevance

0.4

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WordPress atec Debug Plugin Arbitrary File Read Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating