CVE-2025-9950
- EPSS 0.29%
- Veröffentlicht 11.10.2025 09:28:39
- Zuletzt bearbeitet 14.10.2025 19:36:59
The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.6 via the rrrlgvwr_get_file function. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2023-6821
- EPSS 0.28%
- Veröffentlicht 18.03.2024 19:15:06
- Zuletzt bearbeitet 27.03.2025 15:15:48
The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization
CVE-2021-24966
- EPSS 4.25%
- Veröffentlicht 14.03.2022 15:15:08
- Zuletzt bearbeitet 21.11.2024 05:54:06
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder
CVE-2021-24761
- EPSS 0.23%
- Veröffentlicht 01.02.2022 13:15:08
- Zuletzt bearbeitet 21.11.2024 05:53:42
The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server.
CVE-2017-18562
- EPSS 0.1%
- Veröffentlicht 21.08.2019 19:15:12
- Zuletzt bearbeitet 21.11.2024 03:20:24
The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues.
CVE-2017-2171
- EPSS 0.23%
- Veröffentlicht 22.05.2017 16:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prio...