Error Log Viewer By WP Guru Arbitrary File Read Vulnerability
Vulnerability
A vulnerability allowing arbitrary file read has been identified in the Error Log Viewer By WP Guru plugin for WordPress, affecting all versions through 1.0.1.3. The issue arises from the wp_ajax_nopriv_elvwp_log_download AJAX action, which lacks proper authorization, enabling unauthenticated attackers to read arbitrary files on the server that may contain sensitive information.
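The following is an added illustration and not the plugin's own code: it sketches the defect the advisory describes (an AJAX handler registered on the unauthenticated nopriv hook that passes a request parameter straight to the filesystem) next to a hardened handler. The action name and the elvwp_error_log parameter come from the advisory; the function names, the capability, the nonce name and the log directory are assumptions chosen to show the pattern.

```php
<?php
// Added example, not the plugin's actual code. Only the action name and the
// 'elvwp_error_log' parameter are taken from the advisory; everything else
// (function names, capability, nonce name, log directory) is assumed.

// --- Vulnerable pattern, as the advisory describes it ----------------------
// The nopriv hook makes the handler reachable by any visitor through
// /wp-admin/admin-ajax.php, and the user-supplied path is read as-is.
add_action( 'wp_ajax_nopriv_elvwp_log_download', 'elvwp_log_download_unsafe' );
add_action( 'wp_ajax_elvwp_log_download', 'elvwp_log_download_unsafe' );

function elvwp_log_download_unsafe() {
    $file = $_REQUEST['elvwp_error_log'];   // attacker-controlled path
    header( 'Content-Type: text/plain' );
    readfile( $file );                       // arbitrary file read
    wp_die();
}

// --- Hardened pattern ------------------------------------------------------
// 1. No nopriv registration: unauthenticated requests never reach the handler.
// 2. Capability check: only administrators may download logs.
// 3. Nonce check: blocks cross-site request forgery of the download.
// 4. Path allow-listing: the resolved path must stay inside one log directory.
add_action( 'wp_ajax_elvwp_log_download', 'elvwp_log_download_safe' );

function elvwp_log_download_safe() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'elvwp_log_download' );   // nonce name is an assumption

    $requested = isset( $_REQUEST['elvwp_error_log'] )
        ? wp_unslash( $_REQUEST['elvwp_error_log'] ) : '';
    $resolved  = elvwp_resolve_log_path( $requested );
    if ( null === $resolved ) {
        wp_send_json_error( 'invalid log file', 400 );
    }

    header( 'Content-Type: text/plain' );
    header( 'Content-Disposition: attachment; filename="' . basename( $resolved ) . '"' );
    readfile( $resolved );
    wp_die();
}

/**
 * Resolve a user-supplied log file name to an absolute path inside the log
 * directory, or return null. realpath() collapses '..' segments and symlinks
 * before the prefix check, so the comparison is made on the real location.
 */
function elvwp_resolve_log_path( $name, $base_dir = null ) {
    if ( null === $base_dir ) {
        $base_dir = WP_CONTENT_DIR . '/elvwp-logs';   // assumed log location
    }
    $base = realpath( $base_dir );
    if ( false === $base ) {
        return null;
    }
    // Only a bare file name is accepted: no directory component, no NUL byte.
    if ( '' === $name || false !== strpos( $name, "\0" ) || basename( $name ) !== $name ) {
        return null;
    }
    $candidate = realpath( $base . DIRECTORY_SEPARATOR . $name );
    if ( false === $candidate ) {
        return null;
    }
    // Compare with the trailing separator so 'elvwp-logs2' is not accepted.
    if ( 0 !== strpos( $candidate, $base . DIRECTORY_SEPARATOR ) ) {
        return null;
    }
    if ( ! is_file( $candidate ) || '.log' !== substr( $candidate, -4 ) ) {
        return null;
    }
    return $candidate;
}
```

The two registration lines are the heart of the fix: removing the nopriv hook keeps anonymous requests out entirely, and the capability check covers logged-in users who are not administrators. Path allow-listing is kept even though the handler is now authenticated, because a log viewer has no reason to read anything outside its own log directory.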
Impact
Exploitation of this vulnerability allows for unauthorized access to sensitive files on the server, potentially leading to exposure of confidential information.
Reproduction
The vulnerability can be reproduced by sending an unauthenticated request to the wp_ajax_nopriv_elvwp_log_download action, for example with a tool like Postman or a simple script. The request must include the 'elvwp_error_log' parameter, which specifies the path of the file to be read. The response then contains the contents of the specified file, demonstrating the arbitrary file read.
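For defenders checking whether a site was probed, the following added example (not part of the advisory) scans web server access log lines for requests that call the log-download action through admin-ajax.php and grades them by whether the elvwp_error_log value points outside a log directory. The log lines are constructed for the example; the action name and parameter come from the advisory, and the severity labels are an assumption.

```php
<?php
// Added example, not from the advisory or the plugin: scans access log lines
// for calls to the AJAX action named in the advisory. Sample lines below are
// constructed, not real traffic.

const ELVWP_ACTION = 'elvwp_log_download';

/**
 * Parse one combined-log-format line into client IP, timestamp, method,
 * request target and status, or return null if the line does not match.
 */
function elvwp_parse_access_line( $line ) {
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) /';
    if ( ! preg_match( $re, $line, $m ) ) {
        return null;
    }
    return array(
        'ip'     => $m[1],
        'time'   => $m[2],
        'method' => $m[3],
        'target' => $m[4],
        'status' => (int) $m[5],
    );
}

/**
 * Return a finding for a request that calls the log-download action, or null.
 * Caveat: only GET query strings are visible in an access log; a POST carrying
 * the action in its body will not be seen here and needs application logging.
 */
function elvwp_inspect_request( $entry ) {
    $path  = parse_url( $entry['target'], PHP_URL_PATH );
    $query = parse_url( $entry['target'], PHP_URL_QUERY );
    if ( null === $path || 'admin-ajax.php' !== basename( $path ) ) {
        return null;
    }
    $params = array();
    parse_str( (string) $query, $params );   // also percent-decodes values
    if ( ! isset( $params['action'] ) || ELVWP_ACTION !== $params['action'] ) {
        return null;
    }
    $file     = isset( $params['elvwp_error_log'] ) ? $params['elvwp_error_log'] : '';
    $severity = 'info';   // any call of the action is worth recording
    if ( false !== strpos( $file, '..' ) || ( '' !== $file && '/' === $file[0] ) ) {
        $severity = 'high';   // traversal or absolute path: outside any log dir
    }
    if ( 'high' === $severity && 200 === $entry['status'] ) {
        $severity = 'critical';   // the server answered such a request
    }
    return array(
        'ip'       => $entry['ip'],
        'time'     => $entry['time'],
        'file'     => $file,
        'status'   => $entry['status'],
        'severity' => $severity,
    );
}

function elvwp_scan_log( array $lines ) {
    $findings = array();
    foreach ( $lines as $line ) {
        $entry = elvwp_parse_access_line( $line );
        if ( null === $entry ) {
            continue;
        }
        $finding = elvwp_inspect_request( $entry );
        if ( null !== $finding ) {
            $findings[] = $finding;
        }
    }
    return $findings;
}

// Constructed sample lines (not real traffic); the file names are placeholders.
$sample = array(
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-admin/admin-ajax.php?action=elvwp_log_download&elvwp_error_log=..%2F..%2Fnot-a-log.txt HTTP/1.1" 200 3120 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /wp-admin/admin-ajax.php?action=elvwp_log_download&elvwp_error_log=debug.log HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Oct/2023:13:57:11 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
);

foreach ( elvwp_scan_log( $sample ) as $f ) {
    printf( "[%s] %s requested '%s' (HTTP %d) at %s\n",
        $f['severity'], $f['ip'], $f['file'], $f['status'], $f['time'] );
}
```

Run it with `php scan.php` against exported log lines; on the constructed sample the first line is reported as critical (a traversal value answered with HTTP 200), the second as info, and the third is ignored. Because the plugin's handler was reachable without authentication, any hit on this action from an IP that never logged in deserves a look, not only the ones carrying '..'.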
Remediation
Users are advised to update the Error Log Viewer By WP Guru plugin to version 1.0.4 or later.
