{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13494", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-11-20T21:57:46.360Z", "datePublished": "2025-12-05T04:29:11.275Z", "dateUpdated": "2026-04-08T16:58:06.482Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:58:06.482Z"}, "affected": [{"vendor": "jimmyredline80", "product": "SSP Debug", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location (wp-content/uploads/ssp-debug/ssp-debug.log) without any access controls. This makes it possible for unauthenticated attackers to view sensitive debugging information including full URLs, client IP addresses, User-Agent strings, WordPress user IDs, and internal filesystem paths."}], "title": "SSP Debug <= 1.0.0 - Unauthenticated Sensitive Information Exposure", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/66f29499-1522-43cd-af78-9b734c66af8c?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ssp-debugging/trunk/ssp-debug.php#L221"}, {"url": "https://plugins.trac.wordpress.org/browser/ssp-debugging/tags/1.0.0/ssp-debug.php#L221"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Itthidej Aramsri"}], "timeline": [{"time": "2025-12-04T16:27:19.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-05T15:47:33.720847Z", "id": "CVE-2025-13494", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T15:50:51.536Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13494", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-05T15:47:33.720847Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T15:50:47.279Z"}}], "cna": {"title": "SSP Debug <= 1.0.0 - Unauthenticated Sensitive Information Exposure", "credits": [{"lang": "en", "type": "finder", "value": "Itthidej Aramsri"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "jimmyredline80", "product": "SSP Debug", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-04T16:27:19.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/66f29499-1522-43cd-af78-9b734c66af8c?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ssp-debugging/trunk/ssp-debug.php#L221"}, {"url": "https://plugins.trac.wordpress.org/browser/ssp-debugging/tags/1.0.0/ssp-debug.php#L221"}], "descriptions": [{"lang": "en", "value": "The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location (wp-content/uploads/ssp-debug/ssp-debug.log) without any access controls. This makes it possible for unauthenticated attackers to view sensitive debugging information including full URLs, client IP addresses, User-Agent strings, WordPress user IDs, and internal filesystem paths."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:58:06.482Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13494", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:58:06.482Z", "dateReserved": "2025-11-20T21:57:46.360Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-05T04:29:11.275Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location (wp-content/uploads/ssp-debug/ssp-debug.log) without any access controls. This makes it possible for unauthenticated attackers to view sensitive debugging information including full URLs, client IP addresses, User-Agent strings, WordPress user IDs, and internal filesystem paths."}], "id": "CVE-2025-13494", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-05T05:16:58.213", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/ssp-debugging/tags/1.0.0/ssp-debug.php#L221"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/ssp-debugging/trunk/ssp-debug.php#L221"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/66f29499-1522-43cd-af78-9b734c66af8c?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T00:21:23.977217+00:00", "value": {"mitigation_remediation": ["Upgrade SSP Debug to a version newer than 1.0.0 or uninstall the plugin if it is no longer required.", "Add a .htaccess rule or equivalent web server configuration to deny public access to the /wp-content/uploads/ssp-debug/ directory, for example using \"Deny from all\" or \"Require all denied\".", "Disable PHP error logging for the plugin or redirect logs to a non\u2011public directory and enforce proper file permissions."], "summary": {"action": "Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "WordPress sites that have installed the SSP Debug plugin by jimmyredline80, versions up to 1.0.0. The vulnerability is present in every release up to and including the 1.0.0 tag and is not limited to any particular WordPress core version or configuration.", "description_and_impact": "The SSP Debug plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 1.0.0. The flaw occurs because the plugin writes PHP error logs to a predictable, web\u2011accessible directory (wp-content/uploads/ssp-debug/) without any access controls. The log file may contain full URLs, client IP addresses, User\u2011Agent strings, WordPress user IDs, and internal filesystem paths, which constitutes a CWE\u2011200 vulnerability.", "risk_and_exploitability": "Based on the description, it is inferred that the primary attack vector is a simple unauthenticated HTTP GET request to the predictable log file location (wp-content/uploads/ssp-debug/ssp-debug.log). The CVSS score of 5.3 indicates a moderate severity for information disclosure, and the EPSS score of less than 1% suggests that exploitation is considered rare at the moment. The vulnerability is not listed in the CISA KEV catalog. The risk is principally the exposure of debugging data that could provide an adversary with insights into site structure, user identities, and potentially aid in planning further attacks."}}}}, "created": "2025-12-05T10:51:43.161371+00:00", "updated": "2026-04-22T00:30:04.046350+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}