Does Debugger & Troubleshooter have any unpatched vulnerabilities?

No. All known vulnerabilities in Debugger & Troubleshooter have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Debugger & Troubleshooter compatible with WordPress 6.8.5?

According to WordPress.org data, Debugger & Troubleshooter 1.3.2 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Debugger & Troubleshooter compatible with PHP 7.4+?

Debugger & Troubleshooter requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Debugger & Troubleshooter updated?

Debugger & Troubleshooter was last updated on Feb 11, 2026. Frequent updates are generally a positive security signal.

What is Debugger & Troubleshooter's security score?

Debugger & Troubleshooter has a WP-Safety security score of 97/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Debugger & Troubleshooter Security & Risk Analysis

wordpress.org/plugins/debugger-troubleshooter

A WordPress plugin for debugging & troubleshooting. Safely simulate plugin deactivation, theme switching, and WP_DEBUG.

40 active installs v1.3.2 PHP 7.4+ WP 5.0+ Updated Feb 11, 2026

debugdeveloperphp-infotroubleshoot

A · Safe

CVEs total1

Unpatched0

Last CVEMar 30, 2026

Plugin page Download

Safety Verdict

Is Debugger & Troubleshooter Safe to Use in 2026?

Generally Safe

Score 97/100

Debugger & Troubleshooter has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Mar 30, 2026Updated 1mo ago

Risk Assessment

The 'debugger-troubleshooter' plugin v1.3.2 exhibits a generally good security posture based on the static analysis. All identified entry points, including the 5 AJAX handlers, have proper nonce and capability checks. The plugin also avoids dangerous functions, file operations, and external HTTP requests, and all SQL queries are properly prepared. This indicates a strong adherence to secure coding practices.

However, there is a notable concern regarding output escaping, with only 60% of outputs being properly escaped. This leaves a significant portion of the output susceptible to cross-site scripting (XSS) vulnerabilities if user-supplied data is involved in these unescaped outputs. The absence of any taint analysis results is also a slight unknown, as it means potential vulnerabilities in data flow were not detected by that specific method. The plugin's history of zero vulnerabilities is a positive sign, suggesting consistent secure development or a lack of focus from attackers, but it does not negate the potential risks identified in the current code analysis.

In conclusion, while the plugin demonstrates strengths in authentication, authorization, and SQL handling, the significant percentage of unescaped output presents a clear and present risk. Addressing the output escaping issues should be the primary focus to improve its overall security. The lack of past vulnerabilities is encouraging but should be viewed in conjunction with the current findings.

Key Concerns

Unescaped output identified

Vulnerabilities

Debugger & Troubleshooter Security Vulnerabilities

CVEs by Year

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2026-5130high · 8.8Reliance on Cookies without Validation and Integrity Checking

Debugger & Troubleshooter <= 1.3.2 - Unauthenticated Privilege Escalation to Administrator via Cookie Manipulation

Mar 30, 2026 Patched in 1.4.0 (1d)

Code Analysis

Analyzed Mar 16, 2026

Debugger & Troubleshooter Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

62 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

60% escaped103 total outputs

Attack Surface

Debugger & Troubleshooter Attack Surface

Entry Points5

Unprotected0

AJAX Handlers 5

authwp_ajax_debug_troubleshoot_toggle_modedebug-troubleshooter.php:68

authwp_ajax_debug_troubleshoot_update_statedebug-troubleshooter.php:69

authwp_ajax_debug_troubleshoot_toggle_debug_modedebug-troubleshooter.php:70

authwp_ajax_debug_troubleshoot_clear_debug_logdebug-troubleshooter.php:71

authwp_ajax_debug_troubleshoot_toggle_simulate_userdebug-troubleshooter.php:72

WordPress Hooks 14

actionadmin_menudebug-troubleshooter.php:66

actionadmin_enqueue_scriptsdebug-troubleshooter.php:67

actionplugins_loadeddebug-troubleshooter.php:75

actionplugins_loadeddebug-troubleshooter.php:76

actionplugins_loadeddebug-troubleshooter.php:77

actionadmin_noticesdebug-troubleshooter.php:80

actionadmin_bar_menudebug-troubleshooter.php:81

filteroption_active_pluginsdebug-troubleshooter.php:489

filtersite_option_active_sitewide_pluginsdebug-troubleshooter.php:491

filterpre_option_templatedebug-troubleshooter.php:495

filterpre_option_stylesheetdebug-troubleshooter.php:496

filterdetermine_current_userdebug-troubleshooter.php:804

actionwp_footerdebug-troubleshooter.php:883

actionadmin_footerdebug-troubleshooter.php:884

Maintenance & Trust

Debugger & Troubleshooter Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedFeb 11, 2026

PHP min version7.4

Downloads812

Community Trust

Rating100/100

Number of ratings1

Active installs40

Alternatives

Debugger & Troubleshooter Alternatives

Developer Debug Mode

developer-debug-mode

100

Toggle WordPress debug mode instantly. No wp-config.php editing needed. Features auto-save, admin bar quick toggle, and debug log viewer.

0 No CVEs

Notice TraceLog

notice-trace-log

100

Easily display PHP backtraces when Notices occur. Designed for developers to quickly identify the source of early execution issues in WordPress.

0 No CVEs

Debug Log Manager – Conveniently Monitor and Inspect Errors

debug-log-manager

Log PHP, database and JavaScript errors via WP_DEBUG with one click. Conveniently create, view, filter and clear the debug.log file.

10K 7 CVEs

Plugin Detective – Troubleshooting Conflicts

plugin-detective

100

Plugin Detective helps you troubleshoot issues on your site quickly and easily to find the cause of a problem. Once the culprit is found, the problem …

5K No CVEs

Debug Log – Manager Tool

debug-log-config-tool

The "Debug Log Config Tool" simplifies debugging. Toggle logging,queries , view levels, clear logs from dashboard.

3K 1 CVE

Developer Profile

Debugger & Troubleshooter Developer Profile

Jhimross Olinares

1 plugin · 40 total installs

trust score

Avg Security Score

97/100

Avg Patch Time

1 days

View full developer profile

Detection Fingerprints

How We Detect Debugger & Troubleshooter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/debugger-troubleshooter/assets/css/admin.css/wp-content/plugins/debugger-troubleshooter/assets/js/admin.js

Script Paths

/wp-content/plugins/debugger-troubleshooter/assets/js/admin.js

Version Parameters

debugger-troubleshooter/assets/css/admin.css?ver=debugger-troubleshooter/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

debug-troubleshooter-wrapdebug-troubleshooter-contentdebug-troubleshooter-sectionsection-headersection-contentstandalone-sectiontroubleshoot-mode-controlsdebug-troubleshooter-card

Data Attributes

id="copy-site-info"id="troubleshoot-mode-toggle"id="troubleshoot-theme-select"data-noncedata-ajax-url

JS Globals

debugTroubleshoot

REST Endpoints

/wp-json/debugger-troubleshooter/v1/admin-ajax.php

FAQ