CVE-2025-9950
📋 TL;DR
The Error Log Viewer WordPress plugin contains a directory traversal vulnerability that allows authenticated attackers with Administrator privileges to read arbitrary files on the server. This affects all versions up to and including 1.1.6. Sensitive information like configuration files, passwords, or other credentials could be exposed.
💻 Affected Systems
- Error Log Viewer by BestWebSoft WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Administrator account compromise leads to full server file system access, exposing database credentials, SSH keys, and other sensitive system files, potentially enabling further server compromise.
Likely Case
Malicious administrator or compromised admin account reads WordPress configuration files (wp-config.php) containing database credentials, leading to database compromise.
If Mitigated
With proper access controls and monitoring, impact is limited to file read operations by authorized administrators only.
🎯 Exploit Status
Exploitation requires authenticated Administrator access; vulnerability is in the rrrlgvwr_get_file function which doesn't properly validate file paths.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.1.6
Vendor Advisory: https://plugins.trac.wordpress.org/browser/error-log-viewer/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Error Log Viewer' plugin. 4. Click 'Update Now' if update available. 5. Alternatively, delete plugin and install latest version from WordPress repository.
🔧 Temporary Workarounds
Disable or Remove Plugin
allTemporarily disable or completely remove the vulnerable plugin until patched version is available.
Restrict Administrator Access
allImplement strict access controls and monitoring for Administrator accounts; use principle of least privilege.
🧯 If You Can't Patch
- Remove Administrator access from untrusted users and implement multi-factor authentication
- Implement file system monitoring for unusual file read patterns from the WordPress directory
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for 'Error Log Viewer' version <= 1.1.6Check Version:
wp plugin get error-log-viewer --field=version (if WP-CLI installed)Verify Fix Applied:
Verify plugin version is > 1.1.6 after update; check plugin changelog for directory traversal fix📡 Detection & Monitoring
Log Indicators:
- Unusual file read operations in web server logs from /wp-admin/admin-ajax.php with 'rrrlgvwr_get_file' parameter
- Multiple failed attempts to access sensitive file paths
Network Indicators:
- HTTP POST requests to /wp-admin/admin-ajax.php with 'action=rrrlgvwr_get_file' and file path parameters
SIEM Query:
source="web_server_logs" AND uri="/wp-admin/admin-ajax.php" AND post_data="*rrrlgvwr_get_file*" AND (post_data="*../*" OR post_data="*/etc/*" OR post_data="*/wp-config.php*")