Orbit Fox < 2.10.24 - Author+ Server-Side Request Forgery

The plugin does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing. 1. Install the Log HTTP Requests plugin to inspect th...

CVE-2022-3402

The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged HTTP requests in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers who can trick a site's...

PT-2022-21970 · WordPress · Log Http Requests

Name of the Vulnerable Software and Affected Versions: Log HTTP Requests plugin for WordPress versions up to, and including, 1.3.1 Description: The issue is related to Stored Cross-Site Scripting via logged HTTP requests due to insufficient input sanitization and output escaping. This allows...

WordPress plugin Log HTTP Requests 跨站脚本漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Log HTTP Requests plugin 1.3.1 and earlier versions, which can be exploited by an attacke...

WordPress Log HTTP Requests plugin <= 1.3.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Etan Imanol Castro Aldrete in WordPress Log HTTP Requests plugin versions = 1.3.1. Solution Update the WordPress Log HTTP Requests plugin to the latest available version at least 1.3.2...