Source evidence

Cron Logger <= 1.3.0 – Missing Authorization vulnerability

Cron Logger · support · 2025-07-01T22:00:00+00:00

Cron Logger plugin evidence original source source API

complaintsentiment

highseverity

0.98relevance

1replies

Evidence linked to opportunitycommercial context

Proof Health

Open evidence

Commercial opportunities need traceable source links before they are treated as build-worthy.

6 / 35 rows with source links

17.1% of this page's analysis has direct source links.

0 build-decision rows missing links

0 rows here require auditable proof before promotion.

29 rows with no attached evidence

0 rows have source counts but still need direct links.

Conversation

support

crzyhrse unresolved

Cron Logger <= 1.3.0 – Missing Authorization Wordfence Intelligence > Vulnerability Database > Cron Logger <= 1.3.0 – Missing Authorization 4.3 Missing Authorization Publicly Published June 27, 2025 Last Updated July 1, 2025 Researcher Nguyen Xuan Chien Description The Cron Logger plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. Doublicate for https://wordpress.org/support/topic/v1-3-0-is-vulnerable-to-broken-access-control/ Please look there for updates on this issue.

Commercial Context

Opportunity

developer change safety and site customization

Debug change-safety workflow for shipping custom code and site changes without breaking production

Buyer: developers, agencies, and technical site owners

Wedge: preflight debug code changes, compatibility risks, rollback paths, and debug evidence

Proof Blocked card complete market

Analysis

heuristic-v1

Summary: Cron Logger <= 1.3.0 – Missing Authorization vulnerability: users show security, bugs, performance pain that may indicate a product gap.

Evidence quote: Cron Logger <= 1.3.0 – Missing Authorization vulnerability Cron Logger <= 1.3.0 – Missing Authorization Wordfence Intelligence > Vulnerability Database > Cron Logger <= 1.3.0 – Missing Authorization 4.3 Missing Authorization Publicly Published June 27, 2025 Last Updated July 1, 2025 Researcher Nguyen Xuan Chien Description The Cron Logger plugin for WordPres

Affected feature: form

security bugs performance missing feature

Plugin

API

Cron Logger

1.0K active installs · 48.0K downloads · rating 98.0

cron debug log tool wp cron

Comments

1 shown

Benjamin Birkenhake 2025-07-02T07:15:00+00:00

Doublicate for https://wordpress.org/support/topic/v1-3-0-is-vulnerable-to-broken-access-control/ Please look there for updates on this issue.