CVE-2021-24966

MEDIUM

Error Log Viewer <1.1.1 - Privilege Escalation

Title source: llm

Description

The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high-privilege users to clear arbitrary files on the web server, including those outside of the blog folder.

Exploits (1)

exploitdb WORKING POC
by Ceylan BOZOĞULLARINDAN · text · webapps · php
https://www.exploit-db.com/exploits/50746

Scores

CVSS v3 4.9
EPSS 0.0425
EPSS Percentile 88.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Classification

CWE
CWE-73
Status published

Affected Products (1)

bestwebsoft/error_log_viewer < 1.1.1

Timeline

Published Mar 14, 2022
Tracked Since Feb 18, 2026