First published: Tue Feb 01 2022
The Error Log Viewer WordPress plugin before 1.1.2 does not perform a nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged-in admin delete arbitrary text files on the web server.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Bestwebsoft Error Log Viewer Wordpress | <1.1.2 | |
CVE-2021-24761 is a vulnerability in the Error Log Viewer WordPress plugin before version 1.1.2 that allows attackers to delete arbitrary text files on the web server.
CVE-2021-24761 has a severity rating of 6.5 (Medium).
CVE-2021-24761 affects Bestwebsoft Error Log Viewer versions before 1.1.2 (1.1.2 itself is not affected).
The fix for CVE-2021-24761 is to update the Error Log Viewer WordPress plugin to version 1.1.2 or higher.
CVE-2021-24761 has two CWE classifications: CWE-22 (Path Traversal) and CWE-352 (Cross-Site Request Forgery).
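
The two missing controls named above, shown in a log-deletion handler as an added example; this is not the plugin's code or its 1.1.2 patch. The action name, nonce action, `file` parameter and log directory are hypothetical.

```php
<?php
// Added illustration, not Error Log Viewer's code. All elv_example_* names,
// the 'file' parameter and the log directory are hypothetical.
define( 'ELV_EXAMPLE_LOG_DIR', WP_CONTENT_DIR . '/example-logs' );

add_action( 'admin_post_elv_example_delete_log', 'elv_example_delete_log' );

function elv_example_delete_log() {
    // Authorization: only administrators may delete log files.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // CWE-352: dies unless the request carries a valid nonce for this action,
    // so a forged cross-site request from another page is rejected.
    check_admin_referer( 'elv_example_delete_log' );

    $requested = isset( $_POST['file'] ) ? sanitize_text_field( wp_unslash( $_POST['file'] ) ) : '';
    $target    = elv_example_resolve_log( $requested, ELV_EXAMPLE_LOG_DIR );
    if ( null === $target ) {
        wp_die( 'Invalid log file.', '', array( 'response' => 400 ) );
    }
    wp_delete_file( $target );
    wp_safe_redirect( wp_get_referer() ?: admin_url() );
    exit;
}

/**
 * CWE-22: return the canonical path of $name only if it is an existing
 * .log file located inside $base_dir; otherwise return null.
 */
function elv_example_resolve_log( $name, $base_dir ) {
    $base = realpath( $base_dir );
    // realpath() collapses "../" and follows symlinks before the comparison.
    $path = realpath( $base_dir . '/' . $name );
    if ( false === $base || false === $path ) {
        return null; // Directory or file does not exist.
    }
    // The trailing separator stops "/example-logs-old" matching "/example-logs".
    if ( 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR ) ) {
        return null; // Resolved path escaped the log directory.
    }
    if ( ! is_file( $path ) || 'log' !== strtolower( pathinfo( $path, PATHINFO_EXTENSION ) ) ) {
        return null; // Not a regular file with the expected extension.
    }
    return $path;
}
```

The form or link that triggers this handler has to carry the matching nonce, for example via `wp_nonce_field( 'elv_example_delete_log' )`.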