wpvulndb | Bob Matyas | WPVDB-ID: 71954C60-6A5B-4CAC-9920-6D9B787EAD9C
History: May 31, 2024 - 12:00 a.m.

WP Logs Book <= 1.0.1 - Disable Logging via CSRF

2024-05-31 00:00:00
Bob Matyas
wpscan.com
wordpress
logs book
csrf

AI Score: 6.2 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.1%)

Description

The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

PoC

Make an admin open an HTML file containing:
