The plugin has a flawed CSRF check when deleting logs, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders.
Make a logged-in user with the wpcode_activate_snippets capability open the URL below:

https://example.com/wp-admin/admin.php?page=wpcode-tools&view=logs&wpcode_action=delete_log&log=../../delete-me.log

This will make them delete ~/wp-content/delete-me.log.
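As an added example (not the plugin's own code), a hardened handler for the same admin action that closes both gaps described above: it requires a nonce before acting, and it refuses any log name that does not resolve to a file inside the expected log folder. The hook, nonce action name, helper names and log directory location are assumptions.

```php
<?php
// Added example, not WPCode's code. Assumed: the 'wpcode_delete_log' nonce
// action, the log directory under WP_CONTENT_DIR, and the example_* names.

/**
 * Resolve a user-supplied log file name to a canonical absolute path and
 * confirm it stays inside $logs_dir. Returns null on any doubt.
 */
function example_resolve_log_path(string $logs_dir, string $requested): ?string {
    // Only a bare file name is acceptable: any directory component is rejected.
    $name = basename($requested);
    if ($name === '' || $name !== $requested) {
        return null;                      // e.g. "../../delete-me.log" stops here
    }
    $base = realpath($logs_dir);
    $path = realpath($logs_dir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null;                      // directory or file does not exist
    }
    // Canonical-path prefix check also catches symlinks pointing elsewhere.
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Handler for ?wpcode_action=delete_log, wired into admin_init (assumed hook).
function example_handle_delete_log(): void {
    if (!isset($_GET['wpcode_action']) || $_GET['wpcode_action'] !== 'delete_log') {
        return;
    }
    // 1. Capability check: only users allowed to manage snippets may delete logs.
    if (!current_user_can('wpcode_activate_snippets')) {
        wp_die('Insufficient permissions.');
    }
    // 2. CSRF check: the request must carry a nonce for this specific action,
    //    so a link a victim is tricked into opening cannot trigger it.
    check_admin_referer('wpcode_delete_log');
    // 3. Path containment: never delete anything outside the log folder.
    $logs_dir = WP_CONTENT_DIR . '/wpcode-logs';          // assumed location
    $path = example_resolve_log_path($logs_dir, (string) wp_unslash($_GET['log'] ?? ''));
    if ($path === null) {
        wp_die('Invalid log file.');
    }
    wp_delete_file($path);
}
add_action('admin_init', 'example_handle_delete_log');
```

Links to the action should then be generated with wp_nonce_url() using the same nonce action name, so legitimate deletions keep working while forged requests fail the check.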
CPE

Name | Operator | Version
---|---|---
insert-headers-and-footers | lt | 2.0.9