CVE-2024-4477

{"id": "CVE-2024-4477", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 0.9}]}, "published": "2024-06-21T06:15:12.347", "references": [{"url": "https://wpscan.com/vulnerability/ab551552-944c-4e2a-9355-7011cbe553b0/", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://wpscan.com/vulnerability/ab551552-944c-4e2a-9355-7011cbe553b0/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting"}, {"lang": "es", "value": "El complemento WP Logs Book WordPress hasta la versi\u00f3n 1.0.1 no sanitiza ni escapa algunos de sus datos de registro antes de devolverlos a un panel de administraci\u00f3n, lo que genera un Cross-Site Scripting Almacenado no autenticado."}], "lastModified": "2024-11-21T09:42:54.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:onetarek:wp_logs_book:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "6741B07F-84FB-4D46-815E-275BBAD5D6B4", "versionEndIncluding": "1.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}