CVE-2021-24176

MEDIUM NUCLEI

JH 404 Logger < 1.1 - XSS

Title source: rule

Description

The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.

Nuclei Templates (1)

WordPress JH 404 Logger <=1.1 - Cross-Site Scripting

MEDIUMby Ganofins

References (2)

[Exploit, Third Party Advisory] https://ganofins.com/blog/my-first-cve-2021-24176/

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/705bcd6e-6817-4f89-be37-901a767b0585

Scores

CVSS v3 5.4

EPSS 0.3698

EPSS Percentile 97.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

jh_404_logger_project/jh_404_logger < 1.1

Published Apr 05, 2021

Tracked Since Feb 18, 2026