exploitDog

CVE-2021-24176

Опубликовано: 05 апр. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Средний

Описание

The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.

Ссылки

https://ganofins.com/blog/my-first-cve-2021-24176/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/705bcd6e-6817-4f89-be37-901a767b0585
Exploit
Third Party Advisory
https://ganofins.com/blog/my-first-cve-2021-24176/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/705bcd6e-6817-4f89-be37-901a767b0585
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jh_404_logger_project:jh_404_logger:*:*:*:*:*:wordpress:*:*

Версия до 1.1 (включая)

EPSS

Процентиль: 96%

0.21335

Средний

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-w784-3vvf-4384

github

больше 3 лет назад

The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.

EPSS

Процентиль: 96%

0.21335

Средний

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79