Vulnerabilities and security researches forerror-log-viewer-wp error-log-viewer-wp

Apr 13, 2025

CVE, Research URL: CVE-2025-32681
Home page URL: Security reports for Error Log Viewer By WP Guru
Application: Error Log Viewer By WP Guru
Date: Apr 11, 2025
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Guru Error Log Viewer allows Blind SQL Injection. This issue affects Error Log Viewer: from n/a through 1.0.5.
Affected versions: max 1.0.5.
Status: vulnerable

Jan 08, 2025

CVE, Research URL: CVE-2024-12849
Home page URL: Security reports for Error Log Viewer By WP Guru
Application: Error Log Viewer By WP Guru
Date: Jan 07, 2025
Research Description: The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Affected versions: max 1.0.4.
Status: vulnerable