First published: Mon Mar 14 2022
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high-privilege users to clear arbitrary files on the web server, including those outside of the blog folder.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Bestwebsoft Error Log Viewer Wordpress | <=1.1.1 |
CVE-2021-24966 is a vulnerability in the Error Log Viewer WordPress plugin through version 1.1.1 that allows high-privilege users to clear arbitrary files on the web server.
CVE-2021-24966 has a severity rating of 4.9, which is considered medium.
The Bestwebsoft Error Log Viewer plugin for WordPress versions up to 1.1.1 is affected by CVE-2021-24966.
To fix CVE-2021-24966, update the Error Log Viewer plugin to version 1.1.2 or later.
More information about CVE-2021-24966 can be found at this reference: https://wpscan.com/vulnerability/166a4f88-4f0c-4bf4-b624-5e6a02e21fa0
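
The missing validation described above is a path-containment check on the file to be cleared. As an added example (not the plugin's code or its 1.1.2 patch; the function names `resolve_clearable_log` and `clear_log`, the allow-list parameter and the sample files are assumptions), this plain-PHP version canonicalizes the requested path and refuses anything outside the permitted log directories:

```php
<?php
// Added illustration: hypothetical helpers, not the plugin's code or its 1.1.2 patch.

/** Return the canonical path if it is a regular file inside an allowed directory, else null. */
function resolve_clearable_log(string $requested, array $allowedDirs): ?string
{
    // realpath() resolves "..", "." and symlinks; it returns false for a missing path.
    $real = realpath($requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    foreach ($allowedDirs as $dir) {
        $base = realpath($dir);
        if ($base === false) {
            continue;
        }
        // Trailing separator so that "/srv/logs" does not also match "/srv/logs-old".
        $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (strncmp($real, $prefix, strlen($prefix)) === 0) {
            return $real;
        }
    }
    return null;
}

/** Truncate the file only when the path passes the containment check. */
function clear_log(string $requested, array $allowedDirs): bool
{
    $real = resolve_clearable_log($requested, $allowedDirs);
    if ($real === null) {
        return false;
    }
    return file_put_contents($real, '', LOCK_EX) !== false;
}

// Constructed sample data: a temporary log directory and a file outside it.
$root = sys_get_temp_dir() . '/elv_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/logs', 0700, true);
file_put_contents($root . '/logs/php_errors.log', "constructed log line\n");
file_put_contents($root . '/wp-config.php', "constructed config\n");

$allowed = [$root . '/logs'];
var_dump(clear_log($root . '/logs/php_errors.log', $allowed));   // path inside the allowed directory
var_dump(clear_log($root . '/logs/../wp-config.php', $allowed)); // path that climbs out of it
var_dump(filesize($root . '/wp-config.php'));                    // size of the outside file afterwards
```

In a WordPress request handler this check sits behind the usual capability and nonce checks; it limits which files an authorized user can clear rather than replacing those checks.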