Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total3
Critical0
High2
Medium1
Reset
Showing 1-3 of 3 records
Threat Entry Updated 2025-09-04

CVE-2025-9518 - Atec Debug Plugin

The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation on the 'debug_path' parameter in all versions up to, and including, 1.2.22. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

PLUGIN Atec Debug

CVE-2025-9518

HIGH CVSS 7.2 2025-09-04
Open Full Technical Breakdown
Threat Entry Updated 2025-09-04

CVE-2025-9517 - Atec Debug Plugin

The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. This is due to insufficient sanitization when saving the custom log path. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.

PLUGIN Atec Debug

CVE-2025-9517

HIGH CVSS 7.2 2025-09-04
Open Full Technical Breakdown
Threat Entry Updated 2025-09-04

CVE-2025-9516 - Atec Debug Plugin

The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view the contents of files outside of the originally intended directory.

PLUGIN Atec Debug

CVE-2025-9516

MEDIUM CVSS 4.9 2025-09-04
Open Full Technical Breakdown
Scroll to top