Name of the Vulnerable Software and Affected Versions:
atec Debug plugin for WordPress versions through 1.2.22
Description:
The atec Debug plugin for WordPress is susceptible to arbitrary file deletion due to inadequate file path validation on the `debug path` parameter. This allows authenticated attackers with Administrator-level access or higher to delete arbitrary files on the server, potentially leading to remote code execution if critical files, such as `wp-config.php`, are deleted.
Recommendations:
Update the atec Debug plugin to a version beyond 1.2.22.
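For developers reviewing similar code, the kind of path validation the description says is missing can be sketched as follows. This is an added example, not code from the atec Debug plugin; the function name `safe_delete_log`, the `.log` extension rule and the temporary directory layout are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not taken from the atec Debug plugin.

/**
 * Delete $requested only if it resolves to a regular .log file located
 * inside $allowedDir. Returns true on deletion, false when rejected.
 */
function safe_delete_log(string $requested, string $allowedDir): bool
{
    $base = realpath($allowedDir);
    if ($base === false || !is_dir($base)) {
        return false;
    }
    // realpath() resolves "..", "." and symlinks; it returns false when
    // the target does not exist.
    $target = realpath($requested);
    if ($target === false) {
        return false;
    }
    // Compare against the base path plus a trailing separator so that a
    // sibling such as "/logs-old" does not pass as being inside "/logs".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    // Allow-list the file type (assumed here: only .log files are deletable).
    if (!is_file($target) || pathinfo($target, PATHINFO_EXTENSION) !== 'log') {
        return false;
    }
    return unlink($target);
}

// Constructed demo layout in a temporary directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_' . bin2hex(random_bytes(4));
mkdir($root . '/logs', 0700, true);
file_put_contents($root . '/logs/debug.log', "constructed log line\n");
file_put_contents($root . '/wp-config.php', "<?php // constructed stand-in\n");

// Request that climbs out of the log directory toward the stand-in config file.
var_dump(safe_delete_log($root . '/logs/../wp-config.php', $root . '/logs'));
var_dump(file_exists($root . '/wp-config.php'));

// Request for a log file that lives inside the allowed directory.
var_dump(safe_delete_log($root . '/logs/debug.log', $root . '/logs'));
```

The check resolves the path before comparing it, so a request is judged by where it actually points rather than by how the string looks.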