How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

Error Log Viewer < 1.1.2 - Arbitrary Text File Deletion via CSRF

Description

The plugin does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server.

Proof of Concept

On Web Servers other than Windows, the /wp-content/plugins/error-log-viewer/saved_logs/ folder must exist for the attack to be successful, on Windows ones, there is no need for it

To delete the readme.txt of the plugin: https://example.com/wp-admin/admin.php?page=rrrlgvwr-monitor.php&saved_logs_action=delete&rrrlgvwr_check_del=../readme

Affects Plugins

error-log-viewer

Fixed in version 1.1.2

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID

c14e1ba6-fc00-4150-b541-0d6740fee4d2

Timeline

Publicly Published

2021-12-29 (about 1 years ago)

Added

2021-12-29 (about 1 years ago)

Last Updated

2022-04-13 (about 9 months ago)

Our Other Services

WPScan WordPress Security Plugin