Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for Error Log Viewer by BestWebSoft by Unknown

    CVE-2023-6821 (GCVE-0-2023-6821)

    Vulnerability from nvd – Published: 2024-03-18 19:05 – Updated: 2025-03-27 14:43
    VLAI
    Title
    Error Log Viewer < 1.1.3 - Directory Listing to Sensitive Data Exposure
    Summary
    The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/6b1a998d-c97c-43… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Error Log Viewer by BestWebSoft Affected: 0 , < 1.1.3 (semver)
    Create a notification for this product.
    Credits
    Dmitrii Ignatyev WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6821",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-21T18:18:28.348123Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T14:43:18.746Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:42:07.513Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/6b1a998d-c97c-4305-b12a-69e29408ebd9/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "product": "Error Log Viewer by BestWebSoft",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.1.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrii Ignatyev"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-548 Exposure of Information Through Directory Listing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-30T07:48:40.648Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/6b1a998d-c97c-4305-b12a-69e29408ebd9/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Error Log Viewer \u003c 1.1.3 - Directory Listing to Sensitive Data Exposure",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-6821",
        "datePublished": "2024-03-18T19:05:50.023Z",
        "dateReserved": "2023-12-14T17:22:55.631Z",
        "dateUpdated": "2025-03-27T14:43:18.746Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24966 (GCVE-0-2021-24966)

    Vulnerability from nvd – Published: 2022-03-14 14:41 – Updated: 2024-08-03 19:49
    VLAI
    Title
    Error Log Viewer Plugin <= 1.1.1 - Admin+ Arbitrary File Clearing
    Summary
    The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder
    Severity
    No CVSS data available.
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Error Log Viewer by BestWebSoft Affected: 1.1.1 , ≤ 1.1.1 (custom)
    Create a notification for this product.
    Credits
    Ceylan Bozogullarindan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:49:14.380Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/166a4f88-4f0c-4bf4-b624-5e6a02e21fa0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Error Log Viewer by BestWebSoft",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.1",
                  "status": "affected",
                  "version": "1.1.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Ceylan Bozogullarindan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-14T14:41:06.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/166a4f88-4f0c-4bf4-b624-5e6a02e21fa0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Error Log Viewer Plugin \u003c= 1.1.1 - Admin+ Arbitrary File Clearing",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24966",
              "STATE": "PUBLIC",
              "TITLE": "Error Log Viewer Plugin \u003c= 1.1.1 - Admin+ Arbitrary File Clearing"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Error Log Viewer by BestWebSoft",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.1.1",
                                "version_value": "1.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Ceylan Bozogullarindan"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-73 External Control of File Name or Path"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/166a4f88-4f0c-4bf4-b624-5e6a02e21fa0",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/166a4f88-4f0c-4bf4-b624-5e6a02e21fa0"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24966",
        "datePublished": "2022-03-14T14:41:06.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:49:14.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24761 (GCVE-0-2021-24761)

    Vulnerability from nvd – Published: 2022-02-01 12:21 – Updated: 2024-08-03 19:42
    VLAI
    Title
    Error Log Viewer < 1.1.2 - Arbitrary Text File Deletion via CSRF
    Summary
    The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server.
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Error Log Viewer by BestWebSoft Affected: 1.1.2 , < 1.1.2 (custom)
    Create a notification for this product.
    Credits
    apple502j
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:42:16.647Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/c14e1ba6-fc00-4150-b541-0d6740fee4d2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Error Log Viewer by BestWebSoft",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.1.2",
                  "status": "affected",
                  "version": "1.1.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "apple502j"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-21T18:55:34.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/c14e1ba6-fc00-4150-b541-0d6740fee4d2"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Error Log Viewer \u003c 1.1.2 - Arbitrary Text File Deletion via CSRF",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24761",
              "STATE": "PUBLIC",
              "TITLE": "Error Log Viewer \u003c 1.1.2 - Arbitrary Text File Deletion via CSRF"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Error Log Viewer by BestWebSoft",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.1.2",
                                "version_value": "1.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "apple502j"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/c14e1ba6-fc00-4150-b541-0d6740fee4d2",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/c14e1ba6-fc00-4150-b541-0d6740fee4d2"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24761",
        "datePublished": "2022-02-01T12:21:22.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:42:16.647Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-6821 (GCVE-0-2023-6821)

    Vulnerability from cvelistv5 – Published: 2024-03-18 19:05 – Updated: 2025-03-27 14:43
    VLAI
    Title
    Error Log Viewer < 1.1.3 - Directory Listing to Sensitive Data Exposure
    Summary
    The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/6b1a998d-c97c-43… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Error Log Viewer by BestWebSoft Affected: 0 , < 1.1.3 (semver)
    Create a notification for this product.
    Credits
    Dmitrii Ignatyev WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6821",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-21T18:18:28.348123Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T14:43:18.746Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:42:07.513Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/6b1a998d-c97c-4305-b12a-69e29408ebd9/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "product": "Error Log Viewer by BestWebSoft",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.1.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrii Ignatyev"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-548 Exposure of Information Through Directory Listing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-30T07:48:40.648Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/6b1a998d-c97c-4305-b12a-69e29408ebd9/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Error Log Viewer \u003c 1.1.3 - Directory Listing to Sensitive Data Exposure",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-6821",
        "datePublished": "2024-03-18T19:05:50.023Z",
        "dateReserved": "2023-12-14T17:22:55.631Z",
        "dateUpdated": "2025-03-27T14:43:18.746Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24966 (GCVE-0-2021-24966)

    Vulnerability from cvelistv5 – Published: 2022-03-14 14:41 – Updated: 2024-08-03 19:49
    VLAI
    Title
    Error Log Viewer Plugin <= 1.1.1 - Admin+ Arbitrary File Clearing
    Summary
    The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder
    Severity
    No CVSS data available.
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Error Log Viewer by BestWebSoft Affected: 1.1.1 , ≤ 1.1.1 (custom)
    Create a notification for this product.
    Credits
    Ceylan Bozogullarindan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:49:14.380Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/166a4f88-4f0c-4bf4-b624-5e6a02e21fa0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Error Log Viewer by BestWebSoft",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.1",
                  "status": "affected",
                  "version": "1.1.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Ceylan Bozogullarindan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-14T14:41:06.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/166a4f88-4f0c-4bf4-b624-5e6a02e21fa0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Error Log Viewer Plugin \u003c= 1.1.1 - Admin+ Arbitrary File Clearing",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24966",
              "STATE": "PUBLIC",
              "TITLE": "Error Log Viewer Plugin \u003c= 1.1.1 - Admin+ Arbitrary File Clearing"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Error Log Viewer by BestWebSoft",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.1.1",
                                "version_value": "1.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Ceylan Bozogullarindan"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-73 External Control of File Name or Path"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/166a4f88-4f0c-4bf4-b624-5e6a02e21fa0",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/166a4f88-4f0c-4bf4-b624-5e6a02e21fa0"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24966",
        "datePublished": "2022-03-14T14:41:06.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:49:14.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24761 (GCVE-0-2021-24761)

    Vulnerability from cvelistv5 – Published: 2022-02-01 12:21 – Updated: 2024-08-03 19:42
    VLAI
    Title
    Error Log Viewer < 1.1.2 - Arbitrary Text File Deletion via CSRF
    Summary
    The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server.
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Error Log Viewer by BestWebSoft Affected: 1.1.2 , < 1.1.2 (custom)
    Create a notification for this product.
    Credits
    apple502j
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:42:16.647Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/c14e1ba6-fc00-4150-b541-0d6740fee4d2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Error Log Viewer by BestWebSoft",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.1.2",
                  "status": "affected",
                  "version": "1.1.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "apple502j"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-21T18:55:34.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/c14e1ba6-fc00-4150-b541-0d6740fee4d2"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Error Log Viewer \u003c 1.1.2 - Arbitrary Text File Deletion via CSRF",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24761",
              "STATE": "PUBLIC",
              "TITLE": "Error Log Viewer \u003c 1.1.2 - Arbitrary Text File Deletion via CSRF"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Error Log Viewer by BestWebSoft",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.1.2",
                                "version_value": "1.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "apple502j"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/c14e1ba6-fc00-4150-b541-0d6740fee4d2",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/c14e1ba6-fc00-4150-b541-0d6740fee4d2"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24761",
        "datePublished": "2022-02-01T12:21:22.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:42:16.647Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }