Exploit for WordPress JH 404 Logger <=1.1 - Cross-Site Scripting (CVE-2021-24176)

Description:

The WordPress JH 404 Logger plugin through 1.1 contains a cross-site scripting vulnerability. The Referer and path of 404 pages are not properly sanitized when they are output in the WordPress dashboard, which can lead to the execution of arbitrary JavaScript code.

Nuclei Template

View the template here CVE-2021-24176.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-24176.yaml

References:

https://ganofins.com/blog/my-first-cve-2021-24176/
https://nvd.nist.gov/vuln/detail/CVE-2021-24176
https://github.com/ARPSyndicate/cvemon
https://wordpress.org/plugins/jh-404-logger/
https://wpscan.com/vulnerability/705bcd6e-6817-4f89-be37-901a767b0585