CVE-2021-24966

MEDIUM

Error Log Viewer <1.1.1 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-24966. PoCs published by Ceylan BOZOĞULLARINDAN.

AI-analyzed exploit summary: This exploit demonstrates an arbitrary file clearing vulnerability in WordPress Plugin Error Log Viewer 1.1.1. The vulnerability allows authenticated users to delete arbitrary files by manipulating the 'rrrlgvwr_clear_file_name' parameter.

Description

The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high-privilege users to clear arbitrary files on the web server, including those outside of the blog folder.

Exploits (1)

exploitdb WORKING POC
by Ceylan BOZOĞULLARINDAN · text · webapps · php
https://www.exploit-db.com/exploits/50746

Classification: Working PoC 100%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin Error Log Viewer 1.1.1
Auth required
Prerequisites: Authenticated access to WordPress admin panel · Plugin installed and activated
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/166a4f88-4f0c-4bf4-b624-5e6a02e21fa0

Scores

CVSS v3 4.9
EPSS 0.0519
EPSS Percentile 91.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Details

CWE CWE-73
Status published
Products (1)
bestwebsoft/error_log_viewer < 1.1.1
Published Mar 14, 2022
Tracked Since Feb 18, 2026