Lucene search
HistoryJun 21, 2024 - 6:15 a.m.
CVE-2024-4477
wordpress
logs book
unauthenticated stored cross-site scripting
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
14.1%
The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting
Affected configurations
Node
onetarekwp_logs_bookRange≤1.0.1wordpress
Related
cve
cve
CVE-2024-4477
2024-06-21 06:15:12
cvelist
cvelist
CVE-2024-4477 WP Logs Book <= 1.0.1 - Unauthenticated Stored XSS
2024-06-21 06:00:04
wpvulndb
wpvulndb
WP Logs Book <= 1.0.1 - Unauthenticated Stored XSS
2024-05-31 00:00:00
vulnrichment
vulnrichment
CVE-2024-4477 WP Logs Book <= 1.0.1 - Unauthenticated Stored XSS
2024-06-21 06:00:04
wpexploit
wpexploit
WP Logs Book <= 1.0.1 - Unauthenticated Stored XSS
2024-05-31 00:00:00
wordfence
wordfence
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
14.1%
Related for NVD:CVE-2024-4477