cve/2024/CVE-2024-4477.md

### [CVE-2024-4477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4477)
![](https://img.shields.io/static/v1?label=Product&message=WP%20Logs%20Book&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)

### Description

The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting

### POC

#### Reference
- https://wpscan.com/vulnerability/ab551552-944c-4e2a-9355-7011cbe553b0/

#### Github
No PoCs found on GitHub currently.
Update CVE sources 2024-06-22 09:37 2024-06-22 09:37:59 +00:00			`### [CVE-2024-4477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4477)`
			`![](https://img.shields.io/static/v1?label=Product&message=WP%20Logs%20Book&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)`

			`### Description`

			`The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/ab551552-944c-4e2a-9355-7011cbe553b0/`

			`#### Github`
			`No PoCs found on GitHub currently.`