| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2021-24176 | 27 Apr 2023 09:58 | – | circl |
| WordPress JH 404 Logger Cross-Site Scripting Vulnerability | 5 Apr 2021 00:00 | – | cnnvd |
| WordPress JH 404 Logger Cross-Site Scripting Vulnerability | 30 Apr 2021 00:00 | – | cnvd |
| CVE-2021-24176 | 5 Apr 2021 18:27 | – | cve |
| CVE-2021-24176 JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS) | 5 Apr 2021 18:27 | – | cvelist |
| CVE-2021-24176 | 5 Apr 2021 19:15 | – | nvd |
| CVE-2021-24176 | 5 Apr 2021 19:15 | – | osv |
| WordPress JH 404 Logger plugin <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability | 11 Mar 2021 00:00 | – | patchstack |
| Path traversal | 5 Apr 2021 19:15 | – | prion |
| CVE-2021-24176 | 22 May 2025 19:20 | – | redhatcve |
```yaml
id: CVE-2021-24176

info:
  name: WordPress JH 404 Logger <=1.1 - Cross-Site Scripting
  author: Ganofins
  severity: medium
  description: WordPress JH 404 Logger plugin through 1.1 contains a cross-site scripting vulnerability. Referer and path of 404 pages are not properly sanitized when they are output in the WordPress dashboard, which can lead to executing arbitrary JavaScript code.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
  remediation: |
    Update to the latest version of WordPress JH 404 Logger plugin (>=1.2) which addresses the XSS vulnerability.
  reference:
    - https://wpscan.com/vulnerability/705bcd6e-6817-4f89-be37-901a767b0585
    - https://wordpress.org/plugins/jh-404-logger/
    - https://ganofins.com/blog/my-first-cve-2021-24176/
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24176
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 5.4
    cve-id: CVE-2021-24176
    cwe-id: CWE-79
    epss-score: 0.02044
    epss-percentile: 0.78769
    cpe: cpe:2.3:a:jh_404_logger_project:jh_404_logger:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: jh_404_logger_project
    product: jh_404_logger
    framework: wordpress
  tags: cve2021,cve,wordpress,wp-plugin,xss,wpscan,jh_404_logger_project,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/jh-404-logger/readme.txt"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "JH 404 Logger"

      - type: status
        status:
          - 200
# digest: 490a0046304402200849869511192dfcb7baa3ebb82b2a84a017941bd03af49a3c9951da6ced065502202625f6ddbc8fdc3b8b4a3344c5f14511f2e385e9fbda985bc8371731bd7dcaa2:922c64590222798bb761d5b6d8e72950
```
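
The matchers above fire on any HTTP 200 `readme.txt` containing "JH 404 Logger", so a site already updated to the fixed release (>=1.2) is reported the same as one running <=1.1. The following triage helper is an added example, not part of the template or the plugin. It assumes the readme carries the standard WordPress `Stable tag:` header and that this header reflects the installed release; the sample readme bodies are constructed.

```python
import re

FIXED_VERSION = (1, 2)  # from the template's remediation field: fixed in >= 1.2

# Constructed sample readme.txt bodies (not fetched from any site).
SAMPLE_VULNERABLE = """=== JH 404 Logger ===
Contributors: example
Requires at least: 3.0
Stable tag: 1.1

Logs 404 errors to the dashboard.
"""
SAMPLE_FIXED = SAMPLE_VULNERABLE.replace("Stable tag: 1.1", "Stable tag: 1.2")
SAMPLE_TRUNK = SAMPLE_VULNERABLE.replace("Stable tag: 1.1", "Stable tag: trunk")


def stable_tag(readme: str):
    """Return the 'Stable tag' header value from a WordPress readme.txt, or None."""
    m = re.search(r"^\s*Stable tag:\s*(\S+)", readme, re.IGNORECASE | re.MULTILINE)
    return m.group(1) if m else None


def parse_version(tag: str):
    """Turn '1.1' or '1.1.0' into a tuple of ints; None if not purely numeric."""
    if not re.fullmatch(r"\d+(\.\d+)*", tag):
        return None
    return tuple(int(p) for p in tag.split("."))


def classify(readme: str) -> str:
    """Return 'no-match', 'vulnerable', 'fixed' or 'unknown' for a readme body."""
    if "JH 404 Logger" not in readme:
        return "no-match"  # same word check as the template's matcher
    tag = stable_tag(readme)
    version = parse_version(tag) if tag else None
    if version is None:
        return "unknown"  # e.g. 'trunk' or a missing header: verify by hand
    return "fixed" if version >= FIXED_VERSION else "vulnerable"
```

Treat an `unknown` result as still needing manual confirmation of the installed plugin version rather than as a clean result.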