Description The plugin contains a vulnerability that allows you to read and download PHP logs without authorization
PoC
- Admin should click on “Save as TXT file” in http://your_site/wordpress/wp-admin/admin.php?page=rrrlgvwr-monitor.php 2) Then someone else can go to wordpress/wp-content/plugins/error-log-viewer/saved_logs and download log file from Index of Title