13 matches found
CVE-2024-4474
The WP Logs Book WordPress plugin through 1.0.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-4474
The WP Logs Book WordPress plugin through 1.0.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-4474 WP Logs Book <= 1.0.1 - Disable Logging via CSRF
The WP Logs Book WordPress plugin through 1.0.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-4475 WP Logs Book <= 1.0.1 - Log Clearing via CSRF
The WP Logs Book WordPress plugin through 1.0.1 does not have a CSRF check when clearing logs, which could allow attackers to make a logged-in admin clear the logs via a CSRF attack...
CVE-2024-4474 WP Logs Book <= 1.0.1 - Disable Logging via CSRF
The WP Logs Book WordPress plugin through 1.0.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-4475 WP Logs Book <= 1.0.1 - Log Clearing via CSRF
The WP Logs Book WordPress plugin through 1.0.1 does not have a CSRF check when clearing logs, which could allow attackers to make a logged-in admin clear the logs via a CSRF attack...
CVE-2024-4475
The WP Logs Book WordPress plugin (versions <= 1.0.1) contains a CSRF vulnerability in the log-clearing action, allowing an authenticated attacker to trigger log clearing via CSRF requests. PoCs describe an HTML form-based trigger requiring admin interaction. Several sources corroborate the is...
CVE-2024-4474
CVE-2024-4474 affects the WordPress plugin WP Logs Book (versions <= 1.0.1). The connected sources confirm a CSRF vulnerability where there is no CSRF check when updating settings, potentially allowing a logged-in attacker to change admin settings via a CSRF attack. The Red Hat/CVE and Patchst...
WordPress plugin WP Logs Book security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-31242 · WordPress · Wp Logs Book
Name of the Vulnerable Software and Affected Versions: WP Logs Book WordPress plugin versions 1.0.1 and earlier. Description: The issue is related to the WP Logs Book WordPress plugin, which does not properly sanitise and escape some of its log data before outputting it back in an admin dashboard...
WordPress WP Logs Book Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Logs Book | Type: Plugin | Vulnerable versions: <= 1.0.1 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-4474 | Patch priority: Low | CVSS severity: Low (5.4) | Developer: Claim ownership | PSID: ac6aad694797 | Credits: Bob Matyas | Required...
WP Logs Book <= 1.0.1 - Unauthenticated Stored XSS
Description: The plugin does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting. PoC: 1. On the login page, enter any username and for the password enter 2. As an admin, view the logs at:...
WP Logs Book <= 1.0.1 - Disable Logging via CSRF
Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Make an admin open an HTML file containing:...