Bowo Debug Log Manager

Missing Auth Vulnerability in Bowo Debug Log Manager <=2.3.1
CVE-2024-35669 8.8 - High - June 09, 2024

Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1.

AuthZ

Missing Auth in Bowo Debug Log Manager (<2.3.1)
CVE-2024-33915 - May 03, 2024

Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1.

AuthZ

Debug Log Manager v2.3.1 Stored XSS before 2.3.2
CVE-2024-32582 - April 18, 2024

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager allows Stored XSS.This issue affects Debug Log Manager: from n/a through 2.3.1.

XSS

Debug Log Manager WP Plugin <2.3.0 Directory Listing Vulnerability
CVE-2023-6383 7.5 - High - January 08, 2024

The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data

AuthZ

CVE-2023-6136: Sensitive Info Leak in Bowo Debug Log Manager <= 2.3.0
CVE-2023-6136 7.5 - High - November 30, 2023

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.0.

CSRF: Debug Log Manager <=2.2.1 in WordPress
CVE-2023-5772 4.3 - Medium - November 30, 2023

The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the clear_log() function. This makes it possible for unauthenticated attackers to clear the debug log via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Session Riding