cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10586,https://securityvulnerability.io/vulnerability/CVE-2024-10586,Arbitrary File Creation Vulnerability in Debug Tool Plugin,"The Debug Tool plugin for WordPress is susceptible to a vulnerability that permits arbitrary file creation due to an oversight in capability verification contained within the dbt_pull_image() function. Furthermore, the absence of file type validation in the plugin's functionality allows unauthenticated attackers to exploit this weakness. These weaknesses enable attackers to create unauthorized files, including those with .php extensions, which can result in the execution of remote code, posing a significant threat to affected WordPress installations.",Wordpress,Debug Tool,9.8,CRITICAL,0.000910000002477318,false,,false,false,true,2024-11-10T20:30:05.000Z,true,false,false,,2024-11-09T02:32:01.177Z,0
CVE-2024-10588,https://securityvulnerability.io/vulnerability/CVE-2024-10588,Plugin Vulnerability Allows Unauthorized Access to Data,"The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from phpinfo(). When WP_DEBUG is enabled, this can be exploited by unauthenticated users as well.",Wordpress,Debug Tool,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-09T02:31:59.749Z,0