Volerion logoVolerion
Volerion logoVolerion

BestWebSoft WordPress Plugin Error Log Viewer Directory Traversal Vulnerability Allowing Arbitrary File Read

Vulnerability

A directory traversal vulnerability has been identified in the Error Log Viewer plugin by BestWebSoft for WordPress, affecting all versions up to and including 1.1.6. The vulnerability arises in the 'rrrlgvwr_get_file' function, where authenticated attackers with Administrator-level access can exploit the flaw to read arbitrary files on the server. This could lead to the exposure of sensitive information.

Impact

Exploitation of this vulnerability allows for arbitrary file read on the server, potentially exposing sensitive information.

Reproduction

To reproduce this vulnerability, an authenticated user with Administrator-level access can send a request to the 'admin.php?page=rrrlgvwr-monitor.php&action=rrrlgvwr_get_file' endpoint. The 'name' parameter can be manipulated to traverse directories and access arbitrary files on the server.

Remediation

No known patch is available. It is recommended to uninstall the affected plugin and find a replacement.

Added: Oct 11, 2025, 10:19 AM
Updated: Oct 11, 2025, 10:19 AM

Vulnerability Rating

Custom Algorithm
spread
1.0
impact
2.5
exploitability
6.0
remediation
0.0
relevance
0.7
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.