This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Unauthenticated Arbitrary File Read via path traversal. <br>π₯ **Consequences**: Attackers can read sensitive server files (e.g., config, credentials). CVSS 7.5 (High).
Q2Root Cause? (CWE/Flaw)
π‘οΈ **Root Cause**: CWE-22 (Path Traversal). <br>π **Flaw**: Missing authorization check in `wp_ajax_nopriv_elvwp_log_download` AJAX action. No input sanitization on file paths.
Q3Who is affected? (Versions/Components)
π¦ **Affected**: WordPress Plugin: **Error Log Viewer By WP Guru**. <br>π **Versions**: **1.0.1.3 and earlier**. Vendor: wpguruin.
Q4What can hackers do? (Privileges/Data)
π΅οΈ **Hackers Can**: Read **arbitrary files** on the server. <br>π **Data Risk**: Expose sensitive info (DB creds, source code, system configs). No admin login needed.
Q5Is exploitation threshold high? (Auth/Config)
β‘ **Threshold**: **LOW**. <br>π **Auth**: **Unauthenticated** (No login required). <br>π **Access**: Network accessible via AJAX endpoint.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π£ **Public Exp?**: **YES**. <br>π **PoCs**: Available on GitHub (RandomRobbieBF, Nxploited) & Nuclei templates. Automated scanning possible.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Scan for plugin version `<= 1.0.1.3`. <br>π§ͺ **Test**: Send crafted request to `wp_ajax_nopriv_elvwp_log_download` with `../../etc/passwd` payload.