CVE-2025-5486
BaseFortify
Publication date: 2025-06-06
Last updated on: 2025-06-06
Assigner: Wordfence
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized access to administrator accounts by attackers. By enabling debugging and redirecting emails, attackers can intercept sensitive communications such as password reset emails. This can lead to full compromise of the WordPress site, allowing attackers to control site settings, content, and user data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability can negatively affect compliance with standards like GDPR and HIPAA because it allows unauthorized access to sensitive data and user accounts. Intercepting emails and gaining administrator access can lead to data breaches, exposing personal or protected health information, which violates data protection and privacy regulations.
Can you explain this vulnerability to me?
The WP Email Debug plugin for WordPress has a vulnerability in versions 1.0 to 1.1.0 where a missing capability check in the WPMDBUG_handle_settings() function allows unauthenticated attackers to escalate privileges. Specifically, attackers can enable email debugging, redirect all emails to an attacker-controlled address, and then trigger a password reset for an administrator. This sequence enables the attacker to gain access to an administrator account.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the WP Email Debug plugin's debugging mode is enabled, which redirects all emails to an attacker-controlled address. On the WordPress admin interface, look for the "Email Debug ON" toolbar link indicating debugging is active. Additionally, inspect the plugin settings for the option 'wpmdbug_enabled' and the email address set in 'wpmdbug_sendto'. On the system level, you can monitor outgoing emails to see if they are being redirected unexpectedly. For example, you can use commands like `grep -r 'wpmdbug_enabled' wp-content/plugins/wp-email-debug/` to check plugin settings files, or monitor mail logs with `tail -f /var/log/mail.log` to detect unusual email redirection. Within WordPress, querying the database for options named 'WPMDBUG_enabled' and 'WPMDBUG_email' can also reveal if debugging is enabled and where emails are sent. [1]
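A defender-side check for the two signals described above (the plugin's redirect options and a single recipient swallowing outbound mail), as an added example that is not part of this advisory or of the plugin's own code; the option names follow the advisory text, and the wp_options rows and mail-log lines are constructed samples:

```python
import re
from collections import Counter

# Constructed sample rows from wp_options (option_name -> option_value); not from a real site.
SAMPLE_OPTIONS = {
    "wpmdbug_enabled": "1",
    "wpmdbug_sendto": "catchall@mailbox.example",
    "admin_email": "owner@corp.example",
}

# Constructed Postfix-style log lines; host names, queue ids and addresses are placeholders.
SAMPLE_MAIL_LOG = """\
Jun  6 10:01:12 web1 postfix/smtp[2211]: A1B2C3: to=<catchall@mailbox.example>, relay=mx.mailbox.example[198.51.100.7]:25, status=sent (250 ok)
Jun  6 10:01:40 web1 postfix/smtp[2213]: A1B2C4: to=<catchall@mailbox.example>, relay=mx.mailbox.example[198.51.100.7]:25, status=sent (250 ok)
Jun  6 10:02:03 web1 postfix/smtp[2215]: A1B2C5: to=<catchall@mailbox.example>, relay=mx.mailbox.example[198.51.100.7]:25, status=sent (250 ok)
Jun  6 10:02:30 web1 postfix/smtp[2216]: A1B2C6: to=<alice@corp.example>, relay=mx.corp.example[203.0.113.9]:25, status=sent (250 ok)
"""

TO_RE = re.compile(r"\bto=<([^>]+)>")

def debug_redirect_enabled(options, trusted_domains):
    """Return (flagged, recipient): flagged is True when the plugin's debug redirect
    is on and points at an address outside the trusted domains. The 'wpmdbug_*'
    option names are taken from the advisory text; confirm them against the
    installed plugin version before relying on this check."""
    enabled = str(options.get("wpmdbug_enabled", "")).strip().lower() in ("1", "true", "yes", "on")
    sendto = options.get("wpmdbug_sendto", "")
    domain = sendto.rsplit("@", 1)[-1].lower() if "@" in sendto else ""
    return enabled and domain not in trusted_domains, sendto

def suspicious_fan_in(log_text, threshold=3):
    """Return {recipient: count} for recipients that receive at least `threshold`
    messages. One address absorbing most outbound mail (password resets
    included) is the observable signature of the redirect."""
    counts = Counter(m.group(1).lower() for m in TO_RE.finditer(log_text))
    return {rcpt: n for rcpt, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    flagged, rcpt = debug_redirect_enabled(SAMPLE_OPTIONS, {"corp.example"})
    print("debug redirect to untrusted address:", flagged, rcpt)
    print("recipients absorbing outbound mail:", suspicious_fan_in(SAMPLE_MAIL_LOG))
```

In practice the options dict comes from `SELECT option_name, option_value FROM wp_options WHERE option_name LIKE 'wpmdbug%'` and the log text from the mail log the answer above points at.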
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling the WP Email Debug plugin or updating it to a version that includes proper capability checks (versions later than 1.1.0 if available). If disabling is not possible immediately, ensure that debugging is turned off by setting 'wpmdbug_enabled' to false in the plugin settings. Also, verify that the recipient email address for debugging ('wpmdbug_sendto') is not set to an attacker-controlled address. Restrict access to the plugin settings page to trusted administrators only, and monitor for any unauthorized changes. Applying WordPress security best practices such as limiting plugin installation and updates to trusted users will help prevent exploitation. [1]