PT-2022-9457 · WordPress · Error Log Viewer

Apple502J · Published 2022-02-01 · Updated 2022-10-27 · CVE-2021-24761

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Error Log Viewer WordPress plugin versions prior to 1.1.2

Description

The issue concerns a lack of nonce check when deleting a log file and the absence of path traversal prevention. This could allow attackers to make a logged-in admin delete arbitrary text files on the web server.

Recommendations

For Error Log Viewer WordPress plugin versions prior to 1.1.2, update to version 1.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the log file deletion functionality to minimize the risk of exploitation.
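
A delete handler that applies both checks the description says were missing (a nonce check and path containment), as an added example that is not the plugin's code or its 1.1.2 fix. The action name, form field, log directory, redirect target and function names are hypothetical.

```php
<?php
// Added example: hypothetical handler, not the Error Log Viewer plugin's code.
// Assumed names: action 'elv_example_delete_log', POST field 'log_file',
// and a dedicated log directory wp-content/elv-example-logs.
const ELV_EXAMPLE_ACTION = 'elv_example_delete_log';

function elv_example_log_dir() {
    // realpath() returns false if the directory does not exist.
    return realpath( WP_CONTENT_DIR . '/elv-example-logs' );
}

// Returns the canonical path only for a regular *.log file inside $base, else false.
function elv_example_resolve_log( $requested, $base ) {
    if ( false === $base || ! is_string( $requested ) || '' === $requested ) {
        return false;
    }
    // basename() drops directory components such as "../" before the lookup.
    $candidate = realpath( $base . DIRECTORY_SEPARATOR . basename( $requested ) );
    if ( false === $candidate || ! is_file( $candidate ) ) {
        return false;
    }
    // Containment check on the resolved path also rejects symlinks leading elsewhere.
    $prefix = rtrim( $base, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
    if ( 0 !== strpos( $candidate, $prefix ) ) {
        return false;
    }
    // Assumption: only .log files are ever deletable through this screen.
    $ext = strtolower( pathinfo( $candidate, PATHINFO_EXTENSION ) );
    return 'log' === $ext ? $candidate : false;
}

function elv_example_handle_delete() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // CSRF protection: dies unless the request carries a valid nonce for this
    // action. The form must emit it with wp_nonce_field( ELV_EXAMPLE_ACTION ).
    check_admin_referer( ELV_EXAMPLE_ACTION );

    $requested = isset( $_POST['log_file'] ) ? sanitize_text_field( wp_unslash( $_POST['log_file'] ) ) : '';
    $path      = elv_example_resolve_log( $requested, elv_example_log_dir() );
    if ( false === $path ) {
        wp_die( 'Invalid log file', '', array( 'response' => 400 ) );
    }
    wp_delete_file( $path );
    wp_safe_redirect( admin_url( 'tools.php' ) ); // Assumed return page.
    exit;
}
add_action( 'admin_post_' . ELV_EXAMPLE_ACTION, 'elv_example_handle_delete' );
```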

Exploit

Fix

Path traversal

CSRF

Weakness Enumeration

Related Identifiers

CVE-2021-24761

Affected Products

Error Log Viewer