SSP Debug

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location (wp-content/uploads/ssp-debug/ssp-debug.log) without any access controls. This makes it possible for unauthenticated attackers to view sensitive debugging information including full URLs, client IP addresses, User-Agent strings, WordPress user IDs, and internal filesystem paths.

Basic Information

ID CVE-2025-13494

Source Wordfence

Published Dec 5, 2025 at 04:29

Affected Product

Vendor jimmyredline80

Product SSP Debug

Version *

Affected Versions jimmyredline80 SSP Debug *

CWE Classification

CWE-200

References

{
    "lastseen": "",
    "description": "The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location (wp-content/uploads/ssp-debug/ssp-debug.log) without any access controls. This makes it possible for unauthenticated attackers to view sensitive debugging information including full URLs, client IP addresses, User-Agent strings, WordPress user IDs, and internal filesystem paths.",
    "published": "2025-12-05T04:29:11.275Z",
    "modified": "2025-12-05T04:29:11.275Z",
    "type": "cve",
    "title": "SSP Debug <= 1.0.0 - Unauthenticated Sensitive Information Exposure",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/66f29499-1522-43cd-af78-9b734c66af8c?source=cve\nhttps://plugins.trac.wordpress.org/browser/ssp-debugging/trunk/ssp-debug.php#L221\nhttps://plugins.trac.wordpress.org/browser/ssp-debugging/tags/1.0.0/ssp-debug.php#L221",
    "id": "CVE-2025-13494",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "jimmyredline80 SSP Debug *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SSP Debug",
    "version": "*",
    "vendor": "jimmyredline80",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

SSP Debug <= 1.0.0 - Unauthenticated Sensitive Information Exposure_CVE-2025-13494