CVE-2021-24756

The WP System Log plugin (WordPress) before version 1.0.21 does not sanitize, validate, or escape the IP address parsed from login requests, allowing an unauthenticated attacker to trigger Cross‑Site Scripting in admins viewing the Activity/Log dashboard. A fix is to upgrade to 1.0.21 or newer (r...