WP Debugging <= 2.10.2 is vulnerable to Unauthenticated Plugin Settings Update

Unauthenticated
Published: 2021-09-26

The WP Debugging WordPress plugin before 2.11.0 has its update_settings() function hooked to admin_init and is missing any authorisation and CSRF checks. As a result, the settings can be updated by unauthenticated users.
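The missing checks, shown as an added example that is not WP Debugging's own code: a settings handler on admin_init needs a capability check and a nonce check before it writes anything. The option name, nonce action, field names and setting keys below are hypothetical.

```php
<?php
// Added example: hypothetical plugin code, not WP Debugging's source.
// Option name, nonce action, field names and setting keys are constructed.
const EXAMPLE_OPTION = 'example_debug_settings';
const EXAMPLE_NONCE  = 'example_debug_save';

// Pattern from the advisory: admin_init callback writes settings with no
// capability check and no nonce check. Shown for contrast, never hooked.
function example_update_settings_unchecked() {
	if ( isset( $_POST[ EXAMPLE_OPTION ] ) ) {
		update_option( EXAMPLE_OPTION, (array) $_POST[ EXAMPLE_OPTION ] );
	}
}

// Hardened handler: authorise, verify the nonce, then allow-list the input.
function example_update_settings() {
	if ( ! isset( $_POST[ EXAMPLE_OPTION ] ) ) {
		return; // Not a settings submission.
	}
	// Authorisation: only users who may manage site options.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
	}
	// CSRF: dies unless the request carries a valid nonce for this action.
	check_admin_referer( EXAMPLE_NONCE, 'example_debug_nonce' );

	// Accept only known keys and store them as booleans.
	$allowed   = array( 'example_flag_a', 'example_flag_b' );
	$submitted = (array) wp_unslash( $_POST[ EXAMPLE_OPTION ] );
	$clean     = array();
	foreach ( $allowed as $key ) {
		$clean[ $key ] = ! empty( $submitted[ $key ] );
	}
	update_option( EXAMPLE_OPTION, $clean );
}
add_action( 'admin_init', 'example_update_settings' );

// The settings form must emit the matching field:
// wp_nonce_field( EXAMPLE_NONCE, 'example_debug_nonce' );
```

When reviewing other plugins for the same class of bug, look for admin_init callbacks that reach update_option() without both current_user_can() and a nonce verification on the path.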

CVSS

Score: 6.5

Severity: Medium

Version: 2.10.2

There is a patch available in v2.11.0 and we strongly recommend you update to this version as soon as possible.