CVE-2024-4477: Cross-site Scripting in WP Logs Book

Severity
5.4 MEDIUM (NVD)
EPSS
0.2%
top 55.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 21

Description

The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and escape some of its log data before outputting it back in an admin dashboard, leading to Unauthenticated Stored Cross-Site Scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7

Affected Packages: 1 package

Vulnerability Details (2)
GHSA
GHSA-wvh4-52xx-9r94: The WP Logs Book WordPress plugin through 1 | 2024-06-21
CVEList
WP Logs Book <= 1.0.1 - Unauthenticated Stored XSS | 2024-06-21