CVE-2021-24176
Published 2021-04-05
Priority P334 · medium · 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 2.04% (78.8th percentile)
The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jh_404_logger_project | jh_404_logger | <= 1.1 | — |
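CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |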
No detection rules found.
Nuclei
WordPress JH 404 Logger <=1.1 - Cross-Site Scripting
nuclei·CVSS 5.4
CVE-2021-24176 [MEDIUM] WordPress JH 404 Logger <=1.1 - Cross-Site Scripting
WordPress JH 404 Logger =1.2) which addresses the XSS vulnerability.
```yaml
  reference:
    - https://wpscan.com/vulnerability/705bcd6e-6817-4f89-be37-901a767b0585
    - https://wordpress.org/plugins/jh-404-logger/
    - https://ganofins.com/blog/my-first-cve-2021-24176/
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24176
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 5.4
    cve-id: CVE-2021-24176
    cwe-id: CWE-79
    epss-score: 0.36978
    epss-percentile: 0.97161
    cpe: cpe:2.3:a:jh_404_logger_project:jh_404_logger:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: jh_404_logger_project
    product: jh_404_logger
    framework: wordpress
  tags: cve2021,cve,wordpress,wp-plugin,xss,wpscan,jh_404_logger_project,vuln

http:
  - method: GET
    path:
      - "{{B
```
No writeups or analysis indexed.
Published: 2021-04-05