CVE-2023-6821
Error Log Viewer < 1.1.3 - Directory Listing to Sensitive Data Exposure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 contains a vulnerability that allows you to read and download PHP logs without authorization
El complemento Error Log Viewer de BestWebSoft WordPress anterior a 1.1.3 contiene una vulnerabilidad que le permite leer y descargar registros PHP sin autorizaciĆ³n
The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization
The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.2 via the plugin's log files. This makes it possible for unauthenticated attackers to extract sensitive data including file paths and other information stored within those logs.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2023-12-14 CVE Reserved
- 2024-02-20 CVE Published
- 2024-03-19 EPSS Updated
- 2024-08-30 CVE Updated
- 2024-08-30 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wpscan.com/vulnerability/6b1a998d-c97c-4305-b12a-69e29408ebd9 | 2024-08-30 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Unknown Search vendor "Unknown" | Error Log Viewer Search vendor "Unknown" for product "Error Log Viewer" | < 1.1.3 Search vendor "Unknown" for product "Error Log Viewer" and version " < 1.1.3" | en |
Affected
| ||||||