CVE-2024-10588 MEDIUM

CVE-2024-10588: Debug Tool <= 2.2 - Missing Authorization to Information Exposure

Vendor Eugenbobrowski
Product Debug Tool
Weakness CWE-862 · Missing authorization
Published November 9, 2024
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from phpinfo(). When WP_DEBUG is enabled, this can be exploited by unauthenticated users as well.

Key dates

02Disclosure timeline

November 9, 2024 CVE published
April 8, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-32129 WordPress Editorialmag theme <= 1.1.9 - Authenticated Arbitrary Plugin Activation CVE-2026-42320 GLPI vulnerable to arbitrary file access CVE-2024-10390 Elfsight Telegram Chat CC <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2025-57969 WordPress Hide WP Toolbar Plugin <= 2.7 - Broken Access Control Vulnerability CVE-2025-62966 WordPress GoCache plugin <= 1.3.6 - Broken Access Control vulnerability