PT-2025-49194 · WordPress · Ssp Debug
Itthidej Aramsri
·
Published
2025-12-05
·
Updated
2025-12-05
·
CVE-2025-13494
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SSP Debug plugin for WordPress versions prior to 1.0.1
Description
The SSP Debug plugin for WordPress stores PHP error logs in a predictable, web-accessible location (wp-content/uploads/ssp-debug/ssp-debug.log) without access controls. This allows unauthenticated attackers to view sensitive debugging information, including full URLs, client IP addresses, User-Agent strings, WordPress user IDs, and internal filesystem paths.
Recommendations
Update the SSP Debug plugin to version 1.0.1 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ssp Debug