Description
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder
References
https://wpscan.com/vulnerability/166a4f88-4f0c-4bf4-b624-5e6a02e21fa0
ExploitThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
4.9 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2022-03-14T15:15:08.760
3 years agoLast modified
2022-03-20T03:30:53.710
3 years ago