WP-Safety

Debug Log – Manager Tool Security & Risk Analysis

wordpress.org/plugins/debug-log-config-tool

The "Debug Log Config Tool" simplifies debugging. Toggle logging,queries , view levels, clear logs from dashboard.

3K active installs v2.0.1 PHP 5.6+ WP 5.6+ Updated Apr 30, 2025
debugdeveloperlogremote-debugtools
91
A · Safe
CVEs total1
Unpatched0
Last CVEMay 20, 2024
Plugin page Download
Safety Verdict

Is Debug Log – Manager Tool Safe to Use in 2026?

Generally Safe

Score 91/100

Debug Log – Manager Tool has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: May 20, 2024Updated 1yr ago
Risk Assessment

The debug-log-config-tool plugin exhibits a mixed security posture. While it demonstrates good practices in output escaping and a relatively low number of SQL queries, significant concerns arise from its attack surface and taint analysis. The presence of an unprotected AJAX handler presents a direct entry point for attackers, further amplified by the taint analysis revealing two high-severity flows with unsanitized paths. These unsanitized paths, especially when combined with the unprotected entry point, could lead to serious vulnerabilities if user-supplied data is not properly validated and sanitized before being processed by dangerous functions like `shell_exec` or `proc_open`.

The plugin's vulnerability history, while currently showing no unpatched CVEs, does indicate a past medium-severity vulnerability related to sensitive information logging. This historical pattern, coupled with the identified code signals, suggests a potential for future security weaknesses if not addressed proactively. The presence of dangerous functions like `shell_exec` and `proc_open` alongside unsanitized input flows warrants careful review and mitigation to prevent potential command injection or other severe exploits.

In conclusion, while the plugin has strengths in output sanitization and a clean CVE record at present, the unprotected AJAX handler, high-severity taint flows, and the potential use of dangerous functions in conjunction with unsanitized data create a notable risk. The plugin's historical vulnerability also suggests a need for continued vigilance.

Key Concerns

  • Unprotected AJAX handler
  • 2 High severity taint flows with unsanitized paths
  • Use of dangerous functions (shell_exec, proc_open)
  • Partial use of prepared statements for SQL
Vulnerabilities
1 published

Debug Log – Manager Tool Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-34798medium · 5.3Insertion of Sensitive Information into Log File

Debug Log – Manger Tool <= 1.4.5 - Unauthenticated Information Exposure via Logs

May 20, 2024 Patched in 1.5 (10d)
Version History

Debug Log – Manager Tool Release Timeline

v2.0.1Current
v2.0.0
v1.5.3.2
v1.5.3
v1.5.2
v1.5.1
v1.5
v1.4.51 CVE
CVE-2024-34798
v1.4.41 CVE
CVE-2024-34798
v1.4.31 CVE
CVE-2024-34798
v1.4.21 CVE
CVE-2024-34798
v1.41 CVE
CVE-2024-34798
v1.31 CVE
CVE-2024-34798
v1.21 CVE
CVE-2024-34798
v1.0.21 CVE
CVE-2024-34798
v1.0.01 CVE
CVE-2024-34798
vFix-Name1 CVE
CVE-2024-34798
Code Analysis
Analyzed Mar 16, 2026

Debug Log – Manager Tool Code Analysis

Dangerous Functions
3
Raw SQL Queries
7
6 prepared
Unescaped Output
2
23 escaped
Nonce Checks
4
Capability Checks
6
File Operations
9
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

shell_exec$timeout_exists = shell_exec('which timeout') !== null;app\Controllers\TerminalController.php:1667
shell_exec$gtimeout_exists = shell_exec('which gtimeout') !== null;app\Controllers\TerminalController.php:1668
proc_open$process = proc_open($cmd_prefix . $command_string, $descriptorspec, $pipes, ABSPATH);app\Controllers\TerminalController.php:1676

SQL Query Safety

46% prepared13 total queries

Output Escaping

92% escaped25 total outputs
Data Flows · Security
6 unsanitized

Data Flow Analysis

6 flows6 with unsanitized paths
updateNotificationEmail (app\Controllers\NotificationController.php:79)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Debug Log – Manager Tool Attack Surface

Entry Points2
Unprotected1

AJAX Handlers 2

authwp_ajax_dlct_logs_adminapp\Classes\AjaxHandler.php:17
authwp_ajax_dlct_toggle_debugapp\Classes\DLCT_Bootstrap.php:107
WordPress Hooks 11
actionadmin_menuapp\Classes\DLCT_Bootstrap.php:102
actionwp_before_admin_bar_renderapp\Classes\DLCT_Bootstrap.php:103
actionadmin_enqueue_scriptsapp\Classes\DLCT_Bootstrap.php:104
actionwpdd_admin_page_renderapp\Classes\DLCT_Bootstrap.php:105
actionadmin_initapp\Classes\DLCT_Bootstrap.php:106
actionwp_dashboard_setupapp\Classes\DLCT_Bootstrap.php:108
filteradmin_footer_textapp\Classes\DLCT_Bootstrap.php:111
actionadmin_noticesapp\Controllers\ConfigController.php:56
actiondlct_daily_email_checkapp\Controllers\NotificationController.php:12
actioninitplugin.php:29
actionshutdownplugin.php:42

Scheduled Events 1

dlct_daily_email_check
Maintenance & Trust

Debug Log – Manager Tool Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedApr 30, 2025
PHP min version5.6
Downloads57K

Community Trust

Rating100/100
Number of ratings21
Active installs3K
Alternatives

Debug Log – Manager Tool Alternatives

LogIQ – Intelligent Debug Log Viewer

LogIQ – Intelligent Debug Log Viewer

log-iq

A
100

Stop digging through raw log files. LogIQ gives WordPress developers a smart, searchable, and beautiful debug log viewer — right inside the admin.

10 No CVEs
MCP Tracker

MCP Tracker

mcp-tracker

A
100

Records and displays MCP-related REST API requests made to your WordPress site.

10 No CVEs
Debug Suite

Debug Suite

debug-suite

A
100

A powerful, enterprise-grade debugging toolkit for WordPress developers with advanced log management, error tracking, and development tools.

0 No CVEs
Developer Debug Mode

Developer Debug Mode

developer-debug-mode

A
100

Toggle WordPress debug mode instantly. No wp-config.php editing needed. Features auto-save, admin bar quick toggle, and debug log viewer.

0 No CVEs
LogWatch

LogWatch

logwatch

A
100

Monitor and analyze PHP error logs directly from your WordPress admin panel with smart grouping, filtering, and export capabilities.

0 No CVEs
Developer Profile

Debug Log – Manager Tool Developer Profile

Lukman Nakib

4 plugins · 4K total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
10 days
View full developer profile
Detection Fingerprints

How We Detect Debug Log – Manager Tool

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/debug-log-config-tool/app/Assets/dist/css/dlct-admin.css/wp-content/plugins/debug-log-config-tool/app/Assets/dist/js/dlct-admin.js
Script Paths
/wp-content/plugins/debug-log-config-tool/app/Assets/dist/js/dlct-admin.js
Version Parameters
debug-log-config-tool/app/Assets/dist/css/dlct-admin.css?ver=debug-log-config-tool/app/Assets/dist/js/dlct-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
dlct-debug-enableddlct-debug-disableddlct-toggle-debugdlct-loadingdlct-spinner
Data Attributes
data-dlct-debug-status
JS Globals
DLCT_CONFIG
FAQ

Frequently Asked Questions about Debug Log – Manager Tool