### [CVE-2021-24779](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24779)
![](https://img.shields.io/static/v1?label=Product&message=WP%20Debugging&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=2.11.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brightgreen)

### Description

The WP Debugging WordPress plugin before 2.11.0 has its update_settings() function hooked to admin_init and is missing any authorisation and CSRF checks, as a result, the settings can be updated by unauthenticated users.

### POC

#### Reference
- https://wpscan.com/vulnerability/8d0e65ee-fdd1-4fd6-9a27-01664c703d90

#### Github
- https://github.com/20142995/nuclei-templates