24 matches found

Patchstack · added 2026/01/30 2:27 a.m. · 5 views

WordPress WP Logs Book plugin <= 1.0.1 - Log Clearing via CSRF vulnerability

Log Clearing via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Logs Book versions <= 1.0.1...

CVSS 4.3 · AI score 5.9 · EPSS 0.00065
Exploits: 2 · References: 1 · Affected Software: 1

RedhatCVE · added 2025/05/23 9:28 a.m. · 5 views

CVE-2024-4474

The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVSS 4.3 · AI score 6.7 · EPSS 0.02765
Exploits: 2

Patchstack · added 2024/06/21 7:18 a.m. · 5 views

WordPress WP Logs Book plugin <= 1.0.1 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP Logs Book versions <= 1.0.1...

CVSS 5.4 · AI score 6.1 · EPSS 0.0022
Exploits: 2 · References: 1 · Affected Software: 1

Patchstack · added 2024/06/21 7:16 a.m. · 4 views

WordPress WP Logs Book plugin <= 1.0.1 - Multiple CSRF vulnerability

Multiple CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Logs Book versions <= 1.0.1...

CVSS 4.3 · AI score 7 · EPSS 0.02765
Exploits: 2 · References: 2 · Affected Software: 1

OSV · added 2024/06/21 6:15 a.m. · 1 view

CVE-2024-4477

The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting...

CVSS 5.4 · AI score 5.8 · EPSS 0.0022
Exploits: 2 · References: 1

NVD · added 2024/06/21 6:15 a.m. · 9 views

CVE-2024-4477

The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting...

CVSS 5.4 · EPSS 0.0022
Exploits: 2 · References: 1

NVD · added 2024/06/21 6:15 a.m. · 19 views

CVE-2024-4474

The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVSS 4.3 · EPSS 0.02765
Exploits: 2 · References: 1

OSV · added 2024/06/21 6:15 a.m. · 3 views

CVE-2024-4475

The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs via a CSRF attack...

CVSS 4.3 · AI score 5.8
Exploits: 0 · References: 1

OSV · added 2024/06/21 6:15 a.m. · 1 view

CVE-2024-4474

The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVSS 4.3 · AI score 5.8 · EPSS 0.02765
Exploits: 2 · References: 1

CVE · added 2024/06/21 6:0 a.m. · 46 views

CVE-2024-4474

CVE-2024-4474 affects the WordPress plugin WP Logs Book (versions <= 1.0.1). The connected sources confirm a CSRF vulnerability where there is no CSRF check when updating settings, potentially allowing a logged-in attacker to change admin settings via a CSRF attack. The Red Hat/CVE and Patchst...

CVSS 4.3 · AI score 4.8 · EPSS 0.02765
Exploits: 2 · References: 1 · Affected Software: 1

Cvelist · added 2024/06/21 6:0 a.m. · 14 views

CVE-2024-4474 WP Logs Book <= 1.0.1 - Disable Logging via CSRF

The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

EPSS 0.02765
Exploits: 2 · References: 1

Cvelist · added 2024/06/21 6:0 a.m. · 11 views

CVE-2024-4475 WP Logs Book <= 1.0.1 - Log Clearing via CSRF

The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs via a CSRF attack...

EPSS 0.00065
Exploits: 2 · References: 1

CVE · added 2024/06/21 6:0 a.m. · 47 views

CVE-2024-4475

The WP Logs Book WordPress plugin (versions <= 1.0.1) contains a CSRF vulnerability in the log-clearing action, allowing an authenticated attacker to trigger log clearing via CSRF requests. PoCs describe an HTML form-based trigger requiring admin interaction. Several sources corroborate the is...

CVSS 4.3 · AI score 5.5 · EPSS 0.00065
Exploits: 2 · References: 1 · Affected Software: 1

Vulnrichment · added 2024/06/21 6:0 a.m. · 9 views

CVE-2024-4474 WP Logs Book <= 1.0.1 - Disable Logging via CSRF

The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

AI score 6.7 · EPSS 0.02765
Exploits: 2 · References: 1

Vulnrichment · added 2024/06/21 6:0 a.m. · 12 views

CVE-2024-4475 WP Logs Book <= 1.0.1 - Log Clearing via CSRF

The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs via a CSRF attack...

AI score 6.7 · EPSS 0.00065
Exploits: 2 · References: 1

Positive Technologies · added 2024/06/21 12:0 a.m. · 3 views

PT-2024-31242 · WordPress · Wp Logs Book

Name of the Vulnerable Software and Affected Versions: WP Logs Book WordPress plugin versions 1.0.1 and earlier. Description: The issue is related to the WP Logs Book WordPress plugin, which does not properly sanitise and escape some of its log data before outputting it back in an admin dashboard...

CVSS 5.4 · AI score 5.6 · EPSS 0.0022
Exploits: 2 · References: 5

Patchstack · added 2024/06/21 12:0 a.m. · 11 views

WordPress WP Logs Book Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software: WP Logs Book · Type: Plugin · Vulnerable versions: <= 1.0.1 · Fixed in: N/A · OWASP Top 10: A7: Cross-Site Scripting XSS · Classification: Cross Site Scripting XSS · CVE: CVE-2024-4477 · Patch priority: Medium · CVSS severity: Medium 7.1 · Developer: Claim ownership · PSID: 68e2026bab3a · Credits: Bob Matyas · Required...

CVSS 5.4 · AI score 5.6 · EPSS 0.0022
Exploits: 2 · References: 3 · Affected Software: 1

CNNVD · added 2024/06/21 12:0 a.m. · 3 views

WordPress plugin WP Logs Book security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 5.4 · AI score 6.3 · EPSS 0.0022
Exploits: 2 · References: 2

Patchstack · added 2024/06/21 12:0 a.m. · 10 views

WordPress WP Logs Book Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WP Logs Book · Type: Plugin · Vulnerable versions: <= 1.0.1 · Fixed in: N/A · OWASP Top 10: A5: Broken Access Control · Classification: Cross Site Request Forgery CSRF · CVE: CVE-2024-4474 · Patch priority: Low · CVSS severity: Low 5.4 · Developer: Claim ownership · PSID: ac6aad694797 · Credits: Bob Matyas · Required...

CVSS 4.3 · AI score 6.6 · EPSS 0.02765
Exploits: 2 · References: 4 · Affected Software: 1

CNNVD · added 2024/06/21 12:0 a.m. · 2 views

WordPress plugin WP Logs Book security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 4.3 · AI score 6.8 · EPSS 0.02765
Exploits: 2 · References: 2