CVE-2021-24761
N/A
N/A
Summary
The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Error Log Viewer by BestWebSoft | 1.1.2 < 1.1.2 | affected |
Weaknesses
- CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.