The WP System Log WordPress plugin prior to 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow unauthenticated malicious user to perform Cross-Site Scripting attacks against admins viewing the logs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wp system log project wp system log |