PT-2026-29142 · WordPress · Wordpress Debugger & Troubleshooter

Nabil Irawan · Published 2026-03-30 · Updated 2026-03-30 · CVE-2026-5130

CVSS v3.1: 8.8 High (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Name of the Vulnerable Software and Affected Versions

WordPress Debugger & Troubleshooter plugin versions through 1.3.2

Description

The Debugger & Troubleshooter plugin for WordPress was susceptible to Unauthenticated Privilege Escalation. The plugin accepted the wp debug troubleshoot simulate user cookie value directly as a user ID without validation. This allowed unauthenticated attackers to impersonate any user, including administrators, by setting the cookie to a target user ID. This could lead to complete control of the WordPress site, including creating new administrator accounts and modifying site content. The issue was addressed by implementing a cryptographic token-based validation system, restricting user simulation to administrators and requiring a validated token.

Recommendations

Update to version 1.4.0 or later to implement the cryptographic token-based validation system.
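
The weakness and the class of fix described above, as an added PHP example that is not the plugin's code or its actual patch. The function names, the cookie key `simulate_user`, the `id|expiry|mac` token layout and the 15-minute lifetime are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Hypothetical names throughout; this is not the plugin's code.
const SIM_TTL = 900; // token lifetime in seconds (assumed value)

// Pre-fix pattern from the advisory: the cookie value is trusted as a
// user ID, so whoever sets the cookie chooses the identity.
function simulated_user_weak(array $cookies): ?int {
    $v = $cookies['simulate_user'] ?? null;
    return is_string($v) && ctype_digit($v) ? (int) $v : null;
}

// Only an administrator gets a token. It binds the target user ID and an
// expiry time under an HMAC keyed with a server-side secret.
function issue_token(string $secret, bool $issuer_is_admin, int $target_id, int $now): ?string {
    if (!$issuer_is_admin || $target_id <= 0) {
        return null;
    }
    $payload = $target_id . '|' . ($now + SIM_TTL);
    return $payload . '|' . hash_hmac('sha256', $payload, $secret);
}

// Hardened pattern: honour the cookie only if the MAC verifies and the
// token has not expired; anything else means no simulation.
function simulated_user_checked(array $cookies, string $secret, int $now): ?int {
    $v = $cookies['simulate_user'] ?? null;
    $parts = is_string($v) ? explode('|', $v) : [];
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return null;
    }
    [$id, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $id . '|' . $expires, $secret);
    if (!hash_equals($expected, $mac) || (int) $expires < $now) {
        return null;
    }
    return (int) $id;
}

// Constructed sample data.
$secret = bin2hex(random_bytes(32));
$now    = time();
$token  = issue_token($secret, true, 7, $now);

var_dump(simulated_user_weak(['simulate_user' => '7']));                      // bare ID, weak check
var_dump(simulated_user_checked(['simulate_user' => '7'], $secret, $now));    // bare ID, token check
var_dump(simulated_user_checked(['simulate_user' => $token], $secret, $now)); // issued token
var_dump(issue_token($secret, false, 7, $now));                               // non-admin issuer
```

A stateless HMAC token like this one stays valid until it expires; where early revocation matters, a random token stored server-side and looked up on each request is the alternative design.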

Fix

LPE

Weakness Enumeration

Related Identifiers

CVE-2026-5130

Affected Products

Wordpress Debugger & Troubleshooter