PT-2025-35867 · WordPress · Atec Debug

Jonas Benjamin Friedli · Published 2025-09-04 · Updated 2025-09-04 · CVE-2025-9517

CVSS v3.1: 7.2

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

atec Debug plugin for WordPress versions prior to 1.2.23

Description:

The atec Debug plugin for WordPress is susceptible to remote code execution through the `custom log` parameter due to insufficient sanitization when saving the custom log path. This allows authenticated attackers with Administrator-level access or higher to execute code on the server.

Recommendations:

Update the atec Debug plugin to a version later than 1.2.22.

Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-9517

Affected Products

Atec Debug