CVE-2021-24761

Summary

The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server.

Affected Software

VendorProductVersion RangeStatus
UnknownError Log Viewer by BestWebSoft1.1.2 < 1.1.2affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)
  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

References