Error Log Viewer < 1.1.2 - Arbitrary Text File Deletion via CSRF
CVE-2021-24761
6.5MEDIUM
What is CVE-2021-24761?
The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server.
Affected Version(s)
Error Log Viewer by BestWebSoft 1.1.2