wpexploit | Bob Matyas | WPEX-ID: AB551552-944C-4E2A-9355-7011CBE553B0
History: May 31, 2024 - 12:00 a.m.

WP Logs Book <= 1.0.1 - Unauthenticated Stored XSS

2024-05-31 00:00:00
Bob Matyas
wordpress
unauthenticated
stored xss
login page
admin
exploit
security log

AI Score: 6.2 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 14.2%)

Description: The plugin does not sanitise and escape some of its log data before outputting it back in an admin dashboard, leading to Unauthenticated Stored Cross-Site Scripting.

1. On the login page, enter any username and for the password enter `<script>alert(1)</script>`
2. As an admin, view the logs at: https://example.com/wp-admin/admin.php?page=wp-logs-book%2Flogin_attack_log and see the XSS
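The following is an added example, not the plugin's code (the plugin's real storage, table layout and field names are not on this page): a hypothetical login-attack log rendered on an admin page, first with the output pattern the description implies and then with escaping applied at output time via WordPress's esc_html().

```php
<?php
// Added illustration, not the plugin's code: a hypothetical login-attack log
// rendered on an admin page, first without output escaping (the bug class the
// advisory describes) and then with esc_html() applied at output time.

// Shim so the file runs outside WordPress; inside WordPress esc_html() exists.
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Constructed sample of a failed-login record after step 1 of the advisory.
// The field names are assumptions; the password value is the page's payload.
$attempts = [
    ['ip' => '203.0.113.5', 'username' => 'admin', 'password' => '<script>alert(1)</script>'],
];

// Vulnerable pattern: attacker-controlled strings are interpolated straight
// into HTML, so markup in the password column is parsed by the admin's browser.
function render_unsafe(array $attempts): string {
    $html = "<table>\n";
    foreach ($attempts as $a) {
        $html .= "<tr><td>{$a['ip']}</td><td>{$a['username']}</td><td>{$a['password']}</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Hardened pattern: every untrusted value is escaped for the HTML text context
// at the moment it is output, regardless of how it was stored in the log.
function render_safe(array $attempts): string {
    $html = "<table>\n";
    foreach ($attempts as $a) {
        $html .= '<tr><td>' . esc_html($a['ip']) . '</td><td>' . esc_html($a['username'])
               . '</td><td>' . esc_html($a['password']) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// A quick self-check a reviewer can run: the safe renderer must never emit
// a raw <script> tag originating from user data.
$unsafe = render_unsafe($attempts);
$safe   = render_safe($attempts);
var_dump(strpos($unsafe, '<script>') !== false); // tag survives intact
var_dump(strpos($safe, '<script>') === false);   // tag neutralised as text
```

Note that the log also retains the password that was submitted, so escaping removes the XSS but the stored record still contains credential material and should be treated as sensitive.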
