CVE-2024-33915 MEDIUM

CVE-2024-33915: WordPress Debug Log Manager plugin <= 2.3.1 - Broken Access Control vulnerability

Vendor Bowo
Product Debug Log Manager
Weakness CWE-862 · Missing authorization
Published May 3, 2024
Last update April 28, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1.

Explanation of Vulnerability in Simple Terms

02Summary

Debug Log Manager through version 2.3.1 lacks proper authorization checks, allowing authenticated users with low privileges to modify log data. An attacker with a basic user account can alter debug logs without restriction, potentially covering tracks or corrupting audit trails. The vulnerability requires valid site credentials but no special permissions.

What an attacker can do

03Attacker Capabilities

Modify or delete debug logs to cover their tracks or corrupt audit records.

Potential impact on your site

04Site Impact

Audit logs can be tampered with by any logged-in user, compromising your ability to detect or investigate suspicious activity.

Conditions required to exploit

05Prerequisites

Attacker must have a low-privilege authenticated account on the site.

Key dates

06Disclosure timeline

May 3, 2024 CVE published
April 28, 2026 Record updated

Related vulnerabilities

08Related CVE