WP-Safety

Debug Log Manager – Conveniently Monitor and Inspect Errors Security & Risk Analysis

wordpress.org/plugins/debug-log-manager

Log PHP, database and JavaScript errors via WP_DEBUG with one click. Conveniently create, view, filter and clear the debug.log file.

10K active installs v2.4.3 PHP 5.6+ WP 4.6+ Updated Sep 24, 2025
debugdevelopererrors
91
A · Safe
CVEs total7
Unpatched0
Last CVEApr 18, 2025
Plugin page Download
Safety Verdict

Is Debug Log Manager – Conveniently Monitor and Inspect Errors Safe to Use in 2026?

Generally Safe

Score 91/100

Debug Log Manager – Conveniently Monitor and Inspect Errors has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEsLast CVE: Apr 18, 2025Updated 6mo ago
Risk Assessment

The debug-log-manager plugin presents a mixed security posture. While it demonstrates good practices in SQL query handling, file operations, and a significant portion of output escaping, several significant concerns emerge. The most critical issue is the large attack surface composed of 10 AJAX handlers, all of which lack authorization checks. This makes it highly susceptible to unauthorized actions by unauthenticated users. Furthermore, the plugin's history of 7 known CVEs, including high-severity vulnerabilities like missing authorization, cross-site scripting, and information exposure, indicates a recurring pattern of security weaknesses. The recent vulnerability in 2025, even if currently patched, suggests that the plugin's development may not consistently prioritize security in its updates. While the absence of critical taint flows and raw SQL queries are positive, the extensive unprotected entry points and historical vulnerability record necessitate caution.

Key Concerns

  • 10 AJAX handlers without auth checks
  • 7 known CVEs (2 high, 5 medium)
  • 2 flows with unsanitized paths
  • 21% of outputs not properly escaped
  • Bundled DataTables library
Vulnerabilities
7

Debug Log Manager – Conveniently Monitor and Inspect Errors Security Vulnerabilities

CVEs by Year

3 CVEs in 2023
2023
3 CVEs in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

High
2
Medium
5

7 total CVEs

CVE-2025-3809high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Debug Log Manager <= 2.3.4 - Unauthenticated Stored Cross-Site Scripting

Apr 18, 2025 Patched in 2.3.5 (4d)
CVE-2024-35669medium · 5.4Missing Authorization

Debug Log Manager <= 2.3.1 - Missing Authorization

Jun 3, 2024 Patched in 2.3.2 (9d)
CVE-2024-33915medium · 4.3Missing Authorization

Debug Log Manager <= 2.3.1 - Missing Authorization via toggle_debugging

Apr 29, 2024 Patched in 2.3.2 (9d)
CVE-2024-32582high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Debug Log Manager <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting

Apr 16, 2024 Patched in 2.3.2 (9d)
CVE-2023-6383medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Debug Log Manager <= 2.2.2 - Directory Listing to Sensitive Information Disclosure

Dec 13, 2023 Patched in 2.3.0 (56d)
CVE-2023-5772medium · 4.3Cross-Site Request Forgery (CSRF)

Debug Log Manager <= 2.2.0 - Cross-Site Request Forgery

Nov 29, 2023 Patched in 2.2.2 (55d)
CVE-2023-6136medium · 4.3Missing Authorization

Debug Log Manager <= 2.2.1 - Missing Authorization

Nov 23, 2023 Patched in 2.2.2 (63d)
Code Analysis
Analyzed Mar 16, 2026

Debug Log Manager – Conveniently Monitor and Inspect Errors Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
15
55 escaped
Nonce Checks
9
Capability Checks
8
File Operations
19
External Requests
0
Bundled Libraries
1

Bundled Libraries

DataTables

Output Escaping

79% escaped70 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths
create_main_page (bootstrap.php:232)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
10 unprotected

Debug Log Manager – Conveniently Monitor and Inspect Errors Attack Surface

Entry Points10
Unprotected10

AJAX Handlers 10

authwp_ajax_toggle_debuggingbootstrap.php:114
authwp_ajax_toggle_autorefreshbootstrap.php:115
authwp_ajax_get_latest_entriesbootstrap.php:116
authwp_ajax_clear_logbootstrap.php:117
authwp_ajax_disable_wp_file_editorbootstrap.php:118
authwp_ajax_toggle_js_error_loggingbootstrap.php:119
authwp_ajax_toggle_script_debug_modification_statusbootstrap.php:120
authwp_ajax_toggle_process_non_utc_timezones_statusbootstrap.php:121
authwp_ajax_log_js_errorsbootstrap.php:122
noprivwp_ajax_log_js_errorsbootstrap.php:123
WordPress Hooks 13
actionadmin_menubootstrap.php:47
actionadmin_noticesbootstrap.php:50
actionall_admin_noticesbootstrap.php:51
filteradmin_footer_textbootstrap.php:61
filterupdate_footerbootstrap.php:64
actionadmin_enqueue_scriptsbootstrap.php:68
actionadmin_enqueue_scriptsbootstrap.php:76
actionadmin_enqueue_scriptsbootstrap.php:81
actionadmin_bar_menubootstrap.php:97
actionwp_dashboard_setupbootstrap.php:102
actionadmin_enqueue_scriptsbootstrap.php:105
actionwp_enqueue_scriptsbootstrap.php:106
actionwp_enqueue_scriptsbootstrap.php:109
Maintenance & Trust

Debug Log Manager – Conveniently Monitor and Inspect Errors Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 24, 2025
PHP min version5.6
Downloads117K

Community Trust

Rating100/100
Number of ratings24
Active installs10K
Alternatives

Debug Log Manager – Conveniently Monitor and Inspect Errors Alternatives

Error Logs Emailer for WooCommerce

Error Logs Emailer for WooCommerce

error-logs-emailer-for-woocommerce

A
100

Sends the previous day's WooCommerce fatal error log to specified email(s) using Action Scheduler.

20 No CVEs
LogMate

LogMate

logmate

A
100

Modern log management and export for WordPress with purging, filtering, and export. by BruteFort

0 No CVEs
Debug Log – Manager Tool

Debug Log – Manager Tool

debug-log-config-tool

A
99

The "Debug Log Config Tool" simplifies debugging. Toggle logging,queries , view levels, clear logs from dashboard.

3K 1 CVE
Debug This

Debug This

debug-this

A
100

Peek under the hood with sixty debugging reports just one click away.

2K No CVEs
Debug Bar Console

Debug Bar Console

debug-bar-console

A
92

Adds a PHP/SQL console to the Debug Bar. Requires the Debug Bar plugin.

1K No CVEs
Developer Profile

Debug Log Manager – Conveniently Monitor and Inspect Errors Developer Profile

Bowo

7 plugins · 211K total installs

80
trust score
Avg Security Score
89/100
Avg Patch Time
35 days
View full developer profile
Detection Fingerprints

How We Detect Debug Log Manager – Conveniently Monitor and Inspect Errors

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/debug-log-manager/assets/css/debug-log-manager.css/wp-content/plugins/debug-log-manager/assets/js/debug-log-manager.js/wp-content/plugins/debug-log-manager/assets/js/log-viewer.js/wp-content/plugins/debug-log-manager/assets/js/dist/debug-log-manager.min.js/wp-content/plugins/debug-log-manager/assets/js/dist/log-viewer.min.js
Script Paths
/wp-content/plugins/debug-log-manager/assets/js/debug-log-manager.js/wp-content/plugins/debug-log-manager/assets/js/log-viewer.js/wp-content/plugins/debug-log-manager/assets/js/dist/debug-log-manager.min.js/wp-content/plugins/debug-log-manager/assets/js/dist/log-viewer.min.js
Version Parameters
debug-log-manager/assets/css/debug-log-manager.css?ver=debug-log-manager/assets/js/debug-log-manager.js?ver=debug-log-manager/assets/js/log-viewer.js?ver=debug-log-manager/assets/js/dist/debug-log-manager.min.js?ver=debug-log-manager/assets/js/dist/log-viewer.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
dlm-log-viewerdlm-toolbar
Data Attributes
data-dlm-ajax-url
JS Globals
dlm_ajax_objectDLM_LOG_VIEWER_CONFIG
REST Endpoints
/wp-json/debug-log-manager/v1/settings
FAQ

Frequently Asked Questions about Debug Log Manager – Conveniently Monitor and Inspect Errors