CVE-2019-25315

MEDIUM

WordPress Server Log Viewer 1.0 - XSS

Title source: llm

Description

WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface.

Exploits (1)

exploitdb WORKING POC

by strider · textwebappsphp

https://www.exploit-db.com/exploits/47419

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/47419

[Various Sources] https://github.com/anttiviljami/wp-server-log-viewer

[Third Party Advisory] https://www.vulncheck.com/advisories/wp-server-log-viewer-logfile-persistent-cross-site-scripting

Scores

CVSS v3 6.4

EPSS 0.0004

EPSS Percentile 12.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

anttiviljami/WP Server Log Viewer 1.0

Published Feb 11, 2026

Tracked Since Feb 18, 2026