9 matches found
CVE-2021-24176
The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard...
WordPress JH 404 Logger Cross-Site Scripting Vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. JH 404 Logger WordPress plugin through 1.1 has a...
CVE-2021-24176
The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard...
CVE-2021-24176
The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard...
CVE-2021-24176
Summary: CVE-2021-24176 affects the WordPress JH 404 Logger plugin up to version 1.1. The root cause is that the referer and the path of 404 pages are not sanitized when echoed in the WordPress dashboard, enabling arbitrary JavaScript execution in the dashboard context. Impact: cross-site scripti...
WordPress JH 404 Logger 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. JH 404 Logger WordPress plugin through 1.1 has a...
JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
The plugin doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard. curl 'https://example.com/non-existing-page"' -e '"'...
JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
The plugin doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard. PoC curl 'https://example.com/non-existing-page"' -e '"'...
WordPress JH 404 Logger plugin <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ganesh Bagaria in WordPress JH 404 Logger plugin versions = 1.1. Solution Deactivate and delete. This plugin has been closed as of February 11, 2021 and is not available for download. Reason: Security Issue...