CVE-2025-8484

MEDIUM 5.3

Code Quality Control Tool <= 2.1 - Unauthenticated Information Exposure via Log Files

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

The Code Quality Control Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in version 2.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files.

CWE	CWE-200
Vendor	nickclarkweb
Product	code quality control tool
Published	Oct 11, 2025
Last Updated	Apr 8, 2026

Stay Ahead of the Next One

Get instant alerts for nickclarkweb code quality control tool

Be the first to know when new medium vulnerabilities affecting nickclarkweb code quality control tool are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

nickclarkweb / Code Quality Control Tool

0 ≤ 2.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/b64635f4-abc0-4e69-89e4-357840c5e776?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/code-quality-control-tool/trunk/error_logger.php#L71 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3385766/

Credits

Jonas Benjamin Friedli