CVE-2025-9950
BaseFortify
Publication date: 2025-10-11
Last updated on: 2026-04-08
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bestwebsoft | error_log_viewer | 1.1.6 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Directory Traversal flaw in the Error Log Viewer plugin by BestWebSoft for WordPress, affecting all versions up to 1.1.6. It allows authenticated users with Administrator-level access or higher to exploit the rrrlgvwr_get_file function to read arbitrary files on the server, potentially exposing sensitive information.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with Administrator-level access to read sensitive files on the server, which may include configuration files, credentials, or other confidential data. This could lead to information disclosure and potentially aid further attacks.