HIGHVulnerability
Verified
Global

NVD HIGH: CVE-2026-5130 — The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthentic...

Monday, March 30, 2026 at 11:17 PM UTC·Source: NIST NVD

Updated: Monday, April 6, 2026 at 12:17 AM UTC

Executive Summary

The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the plugin accepting the wp_debug_troubleshoot_simulate_user cookie value directly as a user ID without any cryptographic validation or authorization checks. The cookie value was used to override the determine_current_user filter, which al

Analysis

The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the plugin accepting the wp_debug_troubleshoot_simulate_user cookie value directly as a user ID without any cryptographic validation or authorization checks. The cookie value was used to override the determine_current_user filter, which allowed unauthenticated attackers to impersonate any user by simply setting the cookie to their target user ID. This made it possible for unauthenticated attackers to gain administrator-level access and perform any privileged actions including creating new administrator accounts, modifying site content, installing plugins, or taking complete control of the WordPress site. The vulnerability was fixed in version 1.4.0 by implementing a cryptographic token-based validation system where only administrators can initiate user simulation, and the cookie contains a random 64-character token that must be validated against database-stored mappings rather than accepting arbitrary user IDs. CVSS Score: 8.8. Published: 2026-03-30T23:17:04.177.

Indicators of Compromise (1)

CVE (1)
CVE-2026-5130
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on Mar 30, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

The End of Static Security: Why AI Demands Real-Time Microsegmentation

AI is compressing cyberattack timelines from months to minutes. While segmentation has been a gold standard security practice for years, many organizations are still operating with outdated, static approaches.

Bank Info Security
MEDIUMVulnerability

Why Data Security Standards in Cancer Innovation Matter

Cancer research and treatment innovation - and the tech that powers that - requires a great deal of collaboration and data sharing among multiple parties. But keeping that sensitive information secure and private is crucial - and requires adherence to standards, said Baxter Lee of Clearwater.

Bank Info Security
MEDIUMVulnerability

One-Time Passcodes Are Gateway for Financial Fraud Attacks

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/one-time-passcodes-are-gateway-for-financial-fraud-attacks-image_small-6-a-31341.jpg" align=right hspace=4><b>Report Reveals Growing Trend of Fraudsters Intercepting SMS-Based Verification</b><br>Financial institutions have historically relied on one-time passcodes as a primary authentication control for their accountholders. But

Bank Info Security