MEDIUM · CVE-2025-9950 · CVSS 4.9

CVE-2025-9950: Arbitrary File Access in BestWebSoft Error Log Viewer

Platform

wordpress

Component

error-log-viewer

Fixed in

1.1.7

AI Confidence: high · Source: NVD · EPSS 0.1% · Reviewed: May 2026

CVE-2025-9950 describes an Arbitrary File Access vulnerability discovered in the BestWebSoft Error Log Viewer plugin for WordPress. This vulnerability allows authenticated attackers with administrator privileges to read arbitrary files on the server, potentially exposing sensitive information such as configuration files or database credentials. The vulnerability affects versions from 0.0.0 up to and including 1.1.6. A patch is expected from the vendor.


Impact and Attack Scenarios

The primary impact of CVE-2025-9950 is unauthorized access to sensitive files on the WordPress server. An attacker who exploits this vulnerability can use the rrrlgvwrgetfile function to read any file the web server process can access. This could include configuration files containing database passwords, API keys, or other credentials. Successful exploitation could lead to complete compromise of the WordPress instance and potentially of the underlying server. The ability to read arbitrary files is a significant data-breach risk and could facilitate further attacks, such as privilege escalation or data exfiltration.

Exploitation Context

CVE-2025-9950 was publicly disclosed on 2025-10-11. There are currently no known public proof-of-concept exploits available, but the ease of exploitation (requiring only administrator access) suggests a moderate risk of exploitation. The vulnerability has been added to the CISA KEV catalog, indicating a potential for widespread exploitation. Monitor security advisories from WordPress and BestWebSoft for updates.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

0.15% (35% percentile)

CISA SSVC

Exploitation: none
Automatable: no
Technical Impact: partial

CVSS Vector

THREAT INTELLIGENCE · CVSS 3.1

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Base score: 4.9 (MEDIUM)

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: High (authentication level needed to attack)
User Interaction: None (whether a victim must take action)
Scope: Unchanged (impact beyond the vulnerable component)
Confidentiality: High (risk of sensitive data exposure)
Integrity: None (risk of unauthorized data modification)
Availability: None (risk of service disruption)

nextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
High — admin or privileged account required to exploit.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity
None — no integrity impact. Attacker cannot modify data.
Availability
None — no availability impact. Service remains fully operational.

Affected Software

Component: error-log-viewer
Vendor: bestwebsoft
Affected range: 0 – 1.1.6
Fixed in: 1.1.7

Package Information

Active installs: 6K (Niche)
Plugin rating: 4.8
Requires WordPress: 6.2+
Compatible up to: 6.9.4

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated
Unpatched — 225 days since disclosure

Mitigation and Workarounds

The primary mitigation for CVE-2025-9950 is to upgrade the BestWebSoft Error Log Viewer plugin to a patched version as soon as it becomes available. Until a patch is released, consider disabling the plugin entirely to prevent exploitation. As a temporary workaround, restrict file permissions on the server to minimize the potential damage from a successful attack. Implement a Web Application Firewall (WAF) with rules to block attempts to access files outside of the intended directory. Monitor WordPress logs for suspicious activity, particularly requests to unusual file paths.
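The log-monitoring and "outside the intended directory" checks suggested above, as an added Python example that is not part of this advisory and not the plugin's or the vendor's code. It parses combined-format web-server access-log lines (constructed here), percent-decodes any query parameter that looks like a file path, and flags values that would resolve outside an allowed base directory, including double-encoded, absolute and NUL-byte variants. The parameter names `file`, `path` and `log`, the `page=error-log-viewer` admin page slug in the sample lines, and the `ALLOWED_BASE` directory are assumptions for the example, not the plugin's actual endpoint or settings.

```python
import os
import re
from urllib.parse import parse_qs, unquote

# Directory the log viewer is expected to read from. Placeholder for the example,
# not the plugin's real setting.
ALLOWED_BASE = "/var/www/html/wp-content"

# Query parameters that may carry a file path. Hypothetical names; the plugin's own
# parameter names are not documented on the advisory page, so adjust these to match
# the endpoint you are monitoring.
PATH_PARAMS = frozenset({"file", "path", "log"})

# Apache/nginx "combined" access-log format: ip ident user [ts] "METHOD target PROTO" status size
LOG_LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines: a benign read of a log file, a single-encoded traversal,
# a double-encoded absolute path, and an unrelated request.
SAMPLE_LOG = [
    '203.0.113.10 - - [11/Oct/2025:10:00:01 +0000] "GET /wp-admin/admin.php?page=error-log-viewer&file=debug.log HTTP/1.1" 200 5120',
    '203.0.113.10 - - [11/Oct/2025:10:00:07 +0000] "GET /wp-admin/admin.php?page=error-log-viewer&file=..%2F..%2Fwp-config.php HTTP/1.1" 200 3140',
    '198.51.100.7 - - [11/Oct/2025:10:01:30 +0000] "GET /wp-admin/admin.php?page=error-log-viewer&file=%252Fetc%252Fpasswd HTTP/1.1" 200 2010',
    '192.0.2.5 - - [11/Oct/2025:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 9000',
]


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded values are not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolves_inside(base: str, candidate: str) -> bool:
    """True only if candidate, joined to base and normalized, still lies under base.

    An absolute candidate makes os.path.join discard base entirely, so it is rejected too.
    """
    base_abs = os.path.abspath(base)
    joined = os.path.abspath(os.path.join(base_abs, candidate))
    return joined == base_abs or joined.startswith(base_abs + os.sep)


def suspicious_params(target: str) -> list[tuple[str, str]]:
    """Return (param, decoded value) pairs whose value escapes ALLOWED_BASE or contains a NUL byte."""
    query = target.partition("?")[2]
    findings = []
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name.lower() not in PATH_PARAMS:
            continue
        for raw in values:
            # parse_qs already decoded once; decode again to catch double encoding,
            # and normalize backslashes so Windows-style separators are not missed.
            value = decode_fully(raw).replace("\\", "/")
            if "\x00" in value or not resolves_inside(ALLOWED_BASE, value):
                findings.append((name, value))
    return findings


def scan_access_log(lines) -> list[dict]:
    """Parse each access-log line and emit one alert record per suspicious path parameter."""
    alerts = []
    for line in lines:
        match = LOG_LINE_RE.match(line)
        if not match:
            continue
        for name, value in suspicious_params(match["target"]):
            alerts.append({
                "ip": match["ip"],
                "ts": match["ts"],
                "path": match["target"].partition("?")[0],
                "param": name,
                "value": value,
                "status": int(match["status"]),
            })
    return alerts


if __name__ == "__main__":
    for alert in scan_access_log(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['ip']} {alert['path']} "
              f"{alert['param']}={alert['value']!r} -> HTTP {alert['status']}")
```

The same `resolves_inside` containment check is what a server-side fix or a WAF rule needs: normalize first, then compare the resolved path against the allowed directory, rather than searching the raw string for `..`. The alert record keeps the HTTP status so an analyst can tell an attempt that returned content (200) from one that was blocked.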

How to fix

Update the Error Log Viewer by BestWebSoft plugin to the latest available version, as it contains the fix for this Directory Traversal vulnerability. Ensure you perform a full backup of your website before updating any plugin.


Frequently asked questions

What is CVE-2025-9950 — Arbitrary File Access in BestWebSoft Error Log Viewer?

CVE-2025-9950 is a vulnerability in the BestWebSoft Error Log Viewer plugin for WordPress allowing authenticated administrators to read arbitrary files on the server.

Am I affected by CVE-2025-9950 in BestWebSoft Error Log Viewer?

You are affected if your WordPress site uses the BestWebSoft Error Log Viewer plugin in versions 0.0.0 through 1.1.6.

How do I fix CVE-2025-9950 in BestWebSoft Error Log Viewer?

Upgrade the BestWebSoft Error Log Viewer plugin to a patched version as soon as it's available. Disable the plugin as a temporary workaround.

Is CVE-2025-9950 being actively exploited?

While no public exploits are currently known, the vulnerability's ease of exploitation suggests a potential for active exploitation.

Where can I find the official BestWebSoft advisory for CVE-2025-9950?

Check the BestWebSoft website and WordPress plugin repository for updates and advisories related to CVE-2025-9950.
