CVE-2024-4477

The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and escape some of its log data before outputting it back in an admin dashboard, leading to unauthenticated stored Cross-Site Scripting.

Configurations

Configuration 1

cpe:2.3:a:onetarek:wp_logs_book:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 09:42

Type | Values Removed | Values Added
References | () https://wpscan.com/vulnerability/ab551552-944c-4e2a-9355-7011cbe553b0/ - Exploit, Third Party Advisory | () https://wpscan.com/vulnerability/ab551552-944c-4e2a-9355-7011cbe553b0/ - Exploit, Third Party Advisory

24 Jun 2024, 19:34

Type | Values Removed | Values Added
CPE | | cpe:2.3:a:onetarek:wp_logs_book:*:*:*:*:*:wordpress:*:*
CWE | | CWE-79
References | () https://wpscan.com/vulnerability/ab551552-944c-4e2a-9355-7011cbe553b0/ - | () https://wpscan.com/vulnerability/ab551552-944c-4e2a-9355-7011cbe553b0/ - Exploit, Third Party Advisory
First Time | | Onetarek; Onetarek wp Logs Book
CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 5.4
Summary | | (es) El complemento WP Logs Book WordPress hasta la versión 1.0.1 no sanitiza ni escapa algunos de sus datos de registro antes de devolverlos a un panel de administración, lo que genera un Cross-Site Scripting Almacenado no autenticado.

21 Jun 2024, 06:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-06-21 06:15

Updated : 2024-11-21 09:42


NVD link : CVE-2024-4477

Mitre link : CVE-2024-4477

CVE.ORG link : CVE-2024-4477



Products Affected

onetarek

  • wp_logs_book

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')