CVE-2019-25315

MEDIUM

WordPress Server Log Viewer 1.0 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25315. PoCs published by strider.

AI-analyzed exploit summary The exploit demonstrates a persistent XSS vulnerability in WP Server Log Viewer 1.0 due to unfiltered input in the 'logpath' parameter. The PoC shows how an attacker can inject malicious JavaScript via an image tag with an onerror event handler.

Description

WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface.

Exploits (1)

exploitdb WORKING POC
by strider · textwebappsphp
https://www.exploit-db.com/exploits/47419

The exploit demonstrates a persistent XSS vulnerability in WP Server Log Viewer 1.0 due to unfiltered input in the 'logpath' parameter. The PoC shows how an attacker can inject malicious JavaScript via an image tag with an onerror event handler.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: WP Server Log Viewer 1.0
Auth required
Prerequisites: Access to the WordPress admin panel to add a new log file
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 6.4
EPSS 0.0018
EPSS Percentile 8.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
anttiviljami/WP Server Log Viewer 1.0
Published Feb 11, 2026
Tracked Since Feb 18, 2026