Security Advisory

CVE-2025-5486

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-06-06 06:42:54

Last updated 2025-06-06 16:08:27

Assigner Wordfence

State PUBLISHED

Description

The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled address and then trigger a password reset for an administrator to gain access to an administrator account.

← Browse all CVEs View on cve.org ↗