CVE-2019-25315
Persistent XSS in WordPress Server Log Viewer 1.0 Admin Interface
Publication date: 2026-02-11
Last updated on: 2026-02-11
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anttiviljami | wp_server_log_viewer | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25315 is a persistent (stored) cross-site scripting vulnerability in WordPress Server Log Viewer 1.0. The plugin lets a user register log files to display in the admin interface, but it does not validate or escape the 'logpath' parameter before storing it. A log file path that carries an embedded script is therefore stored as-is, and the script runs each time the list of logs is rendered in the WordPress admin dashboard.

Because the payload is stored rather than reflected, it executes in the browser of every administrator who opens that page, which can expose administrator sessions. [1, 3]
How can this vulnerability impact me?
This vulnerability allows an attacker to execute script within the WordPress admin interface. Since the malicious path is stored persistently, the script runs every time an administrator views the page that lists the registered log files.
- Attackers can steal administrator session cookies or perform actions on behalf of the administrator.
- It can lead to unauthorized access to or control over the WordPress admin dashboard.
- The integrity and confidentiality of the admin interface can be compromised.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Start by checking whether the WordPress Server Log Viewer plugin is installed at version 1.0; any site running that version is affected.

Exploitation attempts can be spotted in two places: in the web-server access logs, where the 'logpath' parameter is sent in a GET request to the admin interface together with 'action=new', and in the database, where the plugin stores the registered paths under the 'server_logs' option.

- Grep the access log for requests that add a new log file, then inspect the 'logpath' values for HTML tags or JavaScript:
  `grep -i 'action=new' /var/log/apache2/access.log | grep 'logpath='`
- Inspect the stored paths in the options table for script tags or other HTML:
  `SELECT * FROM wp_options WHERE option_name = 'server_logs';`

Keep in mind that a payload sent in a query string is URL-encoded in the access log ('%3Cscript%3E' rather than '<script>'), so decode the 'logpath' values before judging them. Review every stored path for unescaped markup or script, since any such value indicates a successful injection. [3]
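The two checks above, as an added example that is not part of the advisory or of the plugin's own code: a Python script that parses Apache/nginx combined-format access lines for 'action=new' requests, URL-decodes the 'logpath' value (twice, to catch double encoding) and flags markup in it, and that scans the raw 'server_logs' option value for stored payloads. The log lines, the 'page=server-logs' slug and the assumption that WordPress stores this option as a PHP-serialized array of path strings are constructed for illustration.

```python
"""Added example (not from the advisory or the plugin): flag CVE-2019-25315
exploitation attempts in access logs and in the stored 'server_logs' option.
All sample data below is constructed for illustration."""
import re
from html import unescape
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Apache/nginx "combined" log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Markup or script that has no business in a value that should be a
# filesystem path. Applied to the decoded value.
PAYLOAD_RE = re.compile(
    r'<\s*/?\s*[a-z!]|javascript:|on[a-z]+\s*=|&#x?[0-9a-f]+;', re.IGNORECASE
)

# Constructed access-log lines: one legitimate path, one URL-encoded payload,
# one double-encoded payload, one unrelated request. The admin page slug is assumed.
SAMPLE_ACCESS_LOG = [
    '203.0.113.5 - - [11/Feb/2026:10:00:01 +0000] "GET /wp-admin/admin.php'
    '?page=server-logs&action=new&logpath=/var/log/apache2/error.log HTTP/1.1" 200 512',
    '203.0.113.9 - - [11/Feb/2026:10:00:07 +0000] "GET /wp-admin/admin.php'
    '?page=server-logs&action=new&logpath=%2Fvar%2Flog%2Fx%3Cscript%3Ealert'
    '(document.cookie)%3C%2Fscript%3E HTTP/1.1" 302 0',
    '203.0.113.9 - - [11/Feb/2026:10:00:09 +0000] "GET /wp-admin/admin.php'
    '?page=server-logs&action=new&logpath=%252Fetc%252F%253Cimg%2520src%253Dx'
    '%2520onerror%253Dalert(1)%253E HTTP/1.1" 302 0',
    '198.51.100.2 - - [11/Feb/2026:10:01:00 +0000] "GET /wp-admin/admin.php'
    '?page=server-logs HTTP/1.1" 200 2048',
]

# Constructed 'server_logs' option value, assumed to be a PHP-serialized array
# of path strings (WordPress serializes array options this way).
SAMPLE_SERVER_LOGS_OPTION = (
    'a:2:{i:0;s:26:"/var/log/apache2/error.log";'
    'i:1;s:49:"/var/log/x<script>alert(document.cookie)</script>";}'
)


def decode_param(value: str) -> str:
    """Undo up to two layers of URL encoding plus HTML entities, so that
    %3Cscript%3E, %253Cscript%253E and &lt;script&gt; all surface as <script>."""
    out = value
    for _ in range(2):
        out = unquote_plus(out)
    return unescape(out)


def suspicious_logpaths(log_lines):
    """Return (client_ip, decoded_logpath) for every request that registers a
    new log file (action=new) with a logpath containing markup or script."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        params = parse_qs(urlsplit(m.group('path')).query, keep_blank_values=True)
        if 'new' not in params.get('action', []):
            continue
        for raw in params.get('logpath', []):
            decoded = decode_param(raw)   # parse_qs already removed one layer
            if PAYLOAD_RE.search(decoded):
                hits.append((m.group('ip'), decoded))
    return hits


def suspicious_option_value(serialized: str):
    """Return every path stored in the raw option value that contains markup.
    Members of a PHP-serialized array look like s:<length>:"<text>";"""
    return [p for p in re.findall(r's:\d+:"(.*?)";', serialized, re.DOTALL)
            if PAYLOAD_RE.search(unescape(p))]


if __name__ == "__main__":
    for ip, path in suspicious_logpaths(SAMPLE_ACCESS_LOG):
        print(f"injection attempt from {ip}: logpath={path!r}")
    for path in suspicious_option_value(SAMPLE_SERVER_LOGS_OPTION):
        print(f"stored payload: {path!r}")
```

Run it against a real access log by replacing SAMPLE_ACCESS_LOG with the file's lines, and against the real option by pasting the output of the SELECT above. The double decode matters: a single grep for '<script' on the raw log misses both encoded requests in the sample.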
What immediate steps should I take to mitigate this vulnerability?
Disable or uninstall WP Server Log Viewer 1.0; that removes both the injection point and the admin page that renders the stored payload.

If the plugin cannot be removed immediately:
- Restrict access to the WordPress admin interface to trusted users, since the payload executes in the admin dashboard.
- Remove or sanitize any suspicious paths stored in the 'server_logs' option in the WordPress database, so that payloads already planted stop executing.
- Monitor and filter requests to the admin interface that add a new log file via the 'logpath' parameter, blocking values that contain HTML or script.

Apply an update or patch if the plugin maintainer publishes one, or move to an alternative plugin that sanitizes its input and escapes its output. [1, 3]