wpvulndb | Bob Matyas | WPVDB-ID:AB551552-944C-4E2A-9355-7011CBE553B0
History: May 31, 2024 - 12:00 a.m.

WP Logs Book <= 1.0.1 - Unauthenticated Stored XSS

2024-05-31 00:00:00
Bob Matyas
wpscan.com
Tags: wp logs book, unauthenticated, stored xss, admin dashboard, login page, security vulnerability, cross-site scripting, plugin

AI Score: 6.2
Confidence: High
EPSS: 0
Percentile: 14.1%

Description

The plugin does not sanitise and escape some of its log data before outputting it back in an admin dashboard, leading to unauthenticated stored cross-site scripting.

PoC

1. On the login page, enter any username and for the password enter ``
2. As an admin, view the logs at: https://example.com/wp-admin/admin.php?page=wp-logs-book%2Flogin_attack_log and see the XSS
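
The unescaped log output described above, next to a hardened form, as an added example (not the plugin's code and not part of the original advisory). The row layout, field names and helper functions are hypothetical, and plain PHP `htmlspecialchars()` stands in for WordPress's `esc_html()` so the snippet runs with the PHP CLI alone.

```php
<?php
// Added illustration: hypothetical code, not taken from WP Logs Book.

// Constructed log rows, shaped like what a failed-login logger might store.
// The second password value carries harmless markup in place of a real payload.
$rows = [
    ['user' => 'alice', 'pass' => 'hunter2',            'ip' => '203.0.113.5'],
    ['user' => 'bob',   'pass' => '<i>markup-test</i>', 'ip' => '203.0.113.9'],
];

// Vulnerable pattern: visitor-supplied values are concatenated into HTML as-is.
function render_row_unsafe(array $r): string {
    return "<tr><td>{$r['user']}</td><td>{$r['pass']}</td><td>{$r['ip']}</td></tr>";
}

// Hardened pattern: escape every field at output time for the HTML text context.
// Inside WordPress the equivalent call is esc_html() (esc_attr() for attributes).
function h(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_row_safe(array $r): string {
    return '<tr><td>' . h($r['user']) . '</td><td>' . h($r['pass'])
         . '</td><td>' . h($r['ip']) . '</td></tr>';
}

// Regression check: once the template's own tags are removed, no '<' may
// remain, otherwise a logged value reached the page as live markup.
function row_is_inert(string $html): bool {
    $stripped = str_replace(['<tr>', '</tr>', '<td>', '</td>'], '', $html);
    return strpos($stripped, '<') === false;
}

foreach ($rows as $r) {
    $unsafe = render_row_unsafe($r);
    $safe   = render_row_safe($r);
    echo 'unsafe: ', $unsafe, ' inert=', var_export(row_is_inert($unsafe), true), PHP_EOL;
    echo 'safe:   ', $safe,   ' inert=', var_export(row_is_inert($safe), true), PHP_EOL;
}
```

The same inertness check can be kept as a unit test around any admin table renderer that displays values taken from unauthenticated requests.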
