A vulnerability identified as critical has been detected in qriouslad Debug Log Manager Plugin up to 2.5.0 on WordPress. Affected is the function log_js_errors of the component AJAX Handler . This manipulation of the argument pageUrl causes improper output neutralization for logs. The identification of this vulnerability is CVE-2026-9016 . It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.