The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/c14e1ba6-fc00-4150-b541-0d6740fee4d2 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-02-01T12:21:22
Updated: 2022-03-21T18:55:34
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24761
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-02-01T13:15:08.337
Modified: 2022-10-27T19:26:18.237
Link: CVE-2021-24761
JSON object: View
Redhat Information
No data.