Error Log Viewer
by WordPress
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-32681 | Hig | 0.55 | 8.5 | 0.00 | Apr 11, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Guru Error Log Viewer error-log-viewer-wp allows Blind SQL Injection.This issue affects Error Log Viewer: from n/a through <= 1.0.5. | ||
| CVE-2021-24761 | Med | 0.42 | 6.5 | 0.01 | Feb 1, 2022 | The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server. | ||
| CVE-2017-18562 | Med | 0.40 | 6.1 | 0.01 | Aug 21, 2019 | The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues. | ||
| CVE-2021-24966 | Med | 0.35 | 4.9 | 0.05 | Mar 14, 2022 | The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder | ||
| CVE-2025-9950 | Med | 0.32 | 4.9 | 0.01 | Oct 11, 2025 | The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.6 via the rrrlgvwr_get_file function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read… |
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Guru Error Log Viewer error-log-viewer-wp allows Blind SQL Injection.This issue affects Error Log Viewer: from n/a through <= 1.0.5.
- risk 0.42cvss 6.5epss 0.01
The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server.
- risk 0.40cvss 6.1epss 0.01
The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues.
- risk 0.35cvss 4.9epss 0.05
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder
- risk 0.32cvss 4.9epss 0.01
The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.6 via the rrrlgvwr_get_file function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read…