Critical severity9.8NVD Advisory· Published Jun 6, 2025· Updated Apr 15, 2026
CVE-2025-5486
CVE-2025-5486
Description
The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled address and then trigger a password reset for an administrator to gain access to an administrator account.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.