WP-Safety

Debug Log Viewer Security & Risk Analysis

wordpress.org/plugins/debug-log-viewer

Effortlessly view, search, filter and manage your WordPress debug.log in the admin dashboard. Real-time monitoring and email alerts

1K active installs v2.1 PHP 7.2+ WP 5.8+ Updated Mar 2, 2026
debugdebuggingerror-loglog
99
A · Safe
CVEs total1
Unpatched0
Last CVEOct 29, 2025
Download
Safety Verdict

Is Debug Log Viewer Safe to Use in 2026?

Generally Safe

Score 99/100

Debug Log Viewer has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Oct 29, 2025Updated 1mo ago
Risk Assessment

The debug-log-viewer plugin exhibits a concerning security posture due to a significant number of unprotected AJAX handlers. While the code signals indicate good practices regarding SQL queries and output escaping, the 19 AJAX handlers operating without authentication checks represent a substantial attack surface. This means that any unauthenticated user could potentially trigger these functions, leading to unintended consequences or further exploitation if any vulnerabilities exist within them.

The taint analysis shows a worrying trend of 5 flows with unsanitized paths, though thankfully these did not reach critical or high severity. This suggests that while there may be opportunities for path manipulation, they are not currently leading to severe compromises. The plugin's vulnerability history, with one medium CVE previously, and a common pattern of missing authorization, reinforces the concern around unprotected entry points. The last reported vulnerability was in 2025, suggesting it's been patched, but the historical pattern is a red flag.

In conclusion, the plugin demonstrates strengths in secure coding practices for SQL and output handling. However, the overwhelming number of unprotected AJAX entry points is a critical weakness that overshadows these strengths. The historical trend of missing authorization vulnerabilities further emphasizes the need for robust access control on all dynamic functionalities.

Key Concerns

  • 19 unprotected AJAX handlers
  • 5 flows with unsanitized paths
  • 1 medium CVE in history
  • Common vulnerability type: Missing Authorization
  • Bundled library: Freemius v1.0
Vulnerabilities
1

Debug Log Viewer Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-67561medium · 4.3Missing Authorization

Debug Log Viewer <= 2.0.3 - Missing Authorization

Oct 29, 2025 Patched in 2.0.4 (44d)
Code Analysis
Analyzed Mar 16, 2026

Debug Log Viewer Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
5
164 escaped
Nonce Checks
4
Capability Checks
3
File Operations
18
External Requests
1
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

100% prepared4 total queries

Output Escaping

97% escaped169 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

5 flows5 with unsanitized paths
saveSettings (admin\controllers\CleanupController.php:489)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
19 unprotected

Debug Log Viewer Attack Surface

Entry Points19
Unprotected19

AJAX Handlers 19

authwp_ajax_dbg_lv_run_manual_cleanupadmin\controllers\CleanupController.php:52
authwp_ajax_dbg_lv_get_cleanup_statsadmin\controllers\CleanupController.php:53
authwp_ajax_dbg_lv_log_viewer_clear_logadmin\controllers\HooksController.php:54
authwp_ajax_dbg_lv_log_viewer_download_logadmin\controllers\HooksController.php:58
authwp_ajax_dbg_lv_change_log_viewer_alerts_statusadmin\controllers\HooksController.php:63
authwp_ajax_dbg_lv_get_current_user_emailadmin\controllers\HooksController.php:67
authwp_ajax_dbg_lv_change_logs_update_modeadmin\controllers\HooksController.php:72
authwp_ajax_dbg_lv_change_datetime_formatadmin\controllers\HooksController.php:77
authwp_ajax_dbg_lv_change_timezoneadmin\controllers\HooksController.php:82
authwp_ajax_dbg_lv_save_cleanup_settingsadmin\controllers\HooksController.php:87
authwp_ajax_dbg_lv_first_run_enable_loggingadmin\controllers\HooksController.php:92
authwp_ajax_dbg_lv_toggle_debug_modeadmin\controllers\HooksController.php:97
authwp_ajax_dbg_lv_toggle_debug_scriptsadmin\controllers\HooksController.php:100
authwp_ajax_dbg_lv_toggle_log_in_fileadmin\controllers\HooksController.php:103
authwp_ajax_dbg_lv_toggle_display_errorsadmin\controllers\HooksController.php:106
authwp_ajax_dbg_lv_run_live_updatesadmin\controllers\HooksController.php:111
authwp_ajax_dbg_lv_is_debug_log_publicly_accessibleadmin\controllers\HooksController.php:115
authwp_ajax_dbg_lv_get_alert_scheduleadmin\controllers\HooksController.php:123
authwp_ajax_dbg_lv_get_cleanup_scheduleadmin\controllers\HooksController.php:127
WordPress Hooks 7
actionadmin_initadmin\controllers\CleanupController.php:50
actionadmin_noticesadmin\controllers\CleanupController.php:51
actionadmin_enqueue_scriptsadmin\controllers\HooksController.php:48
actionadmin_initadmin\controllers\HooksController.php:131
actionadmin_noticesadmin\controllers\HooksController.php:133
actionadmin_menuadmin\controllers\MenuController.php:11
actioninitdebug-log-viewer.php:36
Maintenance & Trust

Debug Log Viewer Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 2, 2026
PHP min version7.2
Downloads12K

Community Trust

Rating80/100
Number of ratings3
Active installs1K
Alternatives

Debug Log Viewer Alternatives

LogIQ

LogIQ

log-iq

A
100

A powerful and user-friendly debug log viewer for WordPress with editor integration.

10 No CVEs
Daisy Debug – Easy WP Debugging, Enable WP Debug, View Error Logs, Download Debug Log

Daisy Debug – Easy WP Debugging, Enable WP Debug, View Error Logs, Download Debug Log

daisy-debug

A
100

A beautiful debugging tool that lets you manage debug settings without editing wp-config.php file.

0 No CVEs
Debug Suite

Debug Suite

debug-suite

A
100

A powerful, enterprise-grade debugging toolkit for WordPress developers with advanced log management, error tracking, and development tools.

0 No CVEs
Easy Error Log

Easy Error Log

easy-error-log

A
100

Effortlessly track and manage WordPress debug.log on your WordPress site. Streamline the debugging process with Easy Error Log.

0 No CVEs
ErrorLyze – Error Logger & AI Debugger

ErrorLyze – Error Logger & AI Debugger

errorlyze

A
100

Detect and fix WordPress PHP errors with AI-powered analysis. Automatic error logging, monitoring, and step-by-step fix recommendations for developers &hellip;

0 No CVEs
Developer Profile

Debug Log Viewer Developer Profile

Oleksandr Lysyi

2 plugins · 1K total installs

85
trust score
Avg Security Score
96/100
Avg Patch Time
44 days
View full developer profile
Detection Fingerprints

How We Detect Debug Log Viewer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/debug-log-viewer/admin/assets/css/style.css/wp-content/plugins/debug-log-viewer/front/assets/vendor/css/font-awesome.min.css
Script Paths
/wp-content/plugins/debug-log-viewer/front/dist/bundle.js/wp-content/plugins/debug-log-viewer/front/assets/vendor/js/font-awesome.js
Version Parameters
debug-log-viewer/admin/assets/css/style.css?ver=debug-log-viewer/front/dist/bundle.js?ver=debug-log-viewer/front/assets/vendor/js/font-awesome.js?ver=

HTML / DOM Fingerprints

CSS Classes
dbg_lv_plugin_wrapper
HTML Comments
<!-- Debug Log Viewer -->
Data Attributes
data-view-modedata-log-emptydata-log-filter
JS Globals
dbg_lv_backend_datadbg_lv_freemius_data
REST Endpoints
/wp-json/debug-log-viewer/v1/settings
FAQ

Frequently Asked Questions about Debug Log Viewer