CVE-2021-24966: 
WordPress vulnerability analysis and mitigation

The Error Log Viewer WordPress plugin through version 1.1.1 contains a security vulnerability identified as CVE-2021-24966. The vulnerability was discovered by Ceylan Bozogullarindan and publicly disclosed on November 10, 2021. This security issue affects the Error Log Viewer plugin for WordPress, developed by BestWebSoft (WPScan).

The vulnerability is classified as a file deletion issue (CWE-73: External Control of File Name or Path) with a CVSS v3.1 base score of 4.9 (Medium). The technical issue stems from the plugin's failure to validate the path of log files that are to be cleared, which could allow privileged users to clear arbitrary files on the web server, including those outside of the WordPress blog folder (NVD, WPScan).

The vulnerability allows high-privilege users to clear arbitrary files on the web server, including critical files located outside of the WordPress blog folder. This could lead to the deletion of important system files or sensitive data, potentially causing system disruption or data loss (WPScan).

The vulnerability has been fixed in version 1.1.2 of the Error Log Viewer plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).