CVE-2023-6383: 
WordPress vulnerability analysis and mitigation

The Debug Log Manager WordPress plugin before version 2.3.0 contains a Directory listing vulnerability (CVE-2023-6383) that was discovered in December 2023. This vulnerability allows unauthenticated users to download debug logs without proper authorization, potentially exposing sensitive data. The vulnerability affects all versions of the debug-log-manager plugin prior to version 2.3.0 (WPScan).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 Base Score of 7.5 (HIGH). The attack vector is network-accessible (AV:N), requires low attack complexity (AC:L), needs no privileges (PR:N), requires no user interaction (UI:N), has unchanged scope (S:U), can result in high confidentiality impact (C:H), but has no impact on integrity (I:N) or availability (A:N) (NVD).

The vulnerability allows unauthorized access to debug log files, which could contain sensitive information such as system configurations, error messages, and potentially user data. This exposure of sensitive data could be leveraged by attackers to gain insights into the system's configuration and potential vulnerabilities (WPScan).

The vulnerability has been fixed in version 2.3.0 of the Debug Log Manager plugin. Site administrators should immediately update to this version or later to protect against unauthorized access to debug logs (WPScan).