CVE-2021-24176

CVE-2021-24176: JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)

Vendor Unknown

Product JH 404 Logger

Weakness CWE-79 · XSS

Published April 5, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.

Key dates

02Disclosure timeline

April 5, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24176

Related vulnerabilities

04Related CVE

CVE-2025-62920 WordPress USERCENTRICS CMP plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability CVE-2020-8031 obs: Stored XSS CVE-2023-53938 RockMongo 1.1.7 Stored Cross-Site Scripting Vulnerability via Multiple Parameters CVE-2026-1469 Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager CVE-2025-15174 SohuTV CacheCloud AppManageController.java doAppAuditList cross site scripting