CVE-2024-10588

Name of the Vulnerable Software and Affected Versions Debug Tool plugin for WordPress versions up to, and including, 2.2

Description The issue is related to a missing capability check on the info() function, allowing authenticated attackers with subscriber-level access and above to obtain information from phpinfo(). When WP DEBUG is enabled, this can be exploited by unauthenticated users as well. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions up to, and including, 2.2, update to the latest version to mitigate risks. As a temporary workaround, consider disabling the info() function until a patch is available. Restrict access to the phpinfo() output to minimize the risk of exploitation. Avoid using the WP DEBUG mode until the issue is resolved.