CVE-2021-24966
CVE-2021-24966 is a medium-severity vulnerability in Bestwebsoft Error Log Viewer with a CVSS 3.x base score of 4.9. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-73.
Key facts
- Severity: Medium (CVSS 3.x base score 4.9)
- CVSS v2: 4.0
- EPSS exploit prediction: 5% (91st percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-73
- Affected product: Bestwebsoft Error Log Viewer
- Published:
- Last modified:
Description
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder
Frequently asked questions
- What is CVE-2021-24966?
- The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder
- How severe is CVE-2021-24966?
- CVE-2021-24966 has a CVSS 3.x base score of 4.9, rated medium severity. It is exploitable over network with low attack complexity, requires high privileges and no user interaction. Impact on confidentiality is none, integrity high, and availability none.
- Is CVE-2021-24966 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 5% (91st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2021-24966?
- CVE-2021-24966 affects Bestwebsoft Error Log Viewer. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2021-24966?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2021-24966 published?
- CVE-2021-24966 was published on 2022-03-14 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:bestwebsoft:error_log_viewer:*:*:*:*:*:wordpress:*:*
More vulnerabilities in Bestwebsoft Error Log Viewer
- CVE-2023-6821 — Medium (CVSS 6.5): The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing…
- CVE-2021-24761 — Medium (CVSS 6.5): The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not…
- CVE-2017-18562 — Medium (CVSS 6.1): The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues.
- CVE-2017-2171 — Medium (CVSS 6.1): Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form…
All CVEs affecting Bestwebsoft Error Log Viewer →
Other CWE-73 vulnerabilities
- CVE-2025-71338 — Critical (CVSS 10.0): Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows…
- CVE-2026-39907 — Critical (CVSS 10.0): Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on…
- CVE-2026-27211 — Critical (CVSS 10.0): Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 arevulnerable to…
- CVE-2025-71334 — Critical (CVSS 9.8): Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to…
- CVE-2025-71333 — Critical (CVSS 9.8): Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments…
- CVE-2026-39006 — Critical (CVSS 9.8): An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath…