CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-52416

CVSS 10.0v3.1pub. 2024-11-16upd. 2026-04-23

Missing Authorization vulnerability in Eugen Bobrowski Debug Tool debug-tool allows Upload a Web Shell to a Web Server.This issue affects Debug Tool: from n/a through <= 2.2.

🤖 AI Analysis
How it works

The vulnerability results from a lack of appropriate authorization control mechanisms (CWE-862) in handling file upload functionality in the Debug Tool plugin. An attacker without any authentication can send a network request uploading a malicious file (Web Shell) directly to the web server. The absence of permission verification means that the operation is executed successfully regardless of user role or session.

Impact

An attacker can gain full control over the server by executing arbitrary code (RCE) through an uploaded Web Shell. Data disclosure, modification, or deletion is possible, as well as further lateral movement within the infrastructure.

Mitigation & patch

The Debug Tool plugin must be immediately updated to a version higher than 2.2, or — if an update is not available — the plugin should be immediately deactivated and removed from all WordPress installations. Details regarding available patches are available in the Patchstack references.

Who is affected

The Debug Tool plugin by Eugena Bobrowski for WordPress in versions from its inception (n/a) to 2.2 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References