CVE-2022-40605 In 4.1.0, XSS in the Operations tab and/or Debrief plugin is possible due to a different vulnerability than CVE-2022-40606.

* CVE-2023-43014 allows XSS in the Debrief plugin via the operation name. Workaround: avoid loading external plugin operations via the plugin_name variable in your operation definitions, or host them locally.
* CVE-2024-43015 allows XSS via a crafted name in the Gather Logs plugin. Workaround: host the plugin locally on your server, or use the plugin_name variable to avoid loading it.
* CVE-2025-43016 allows XSS in the Debrief plugin via the operation_name parameter. Workaround: avoid loading external plugin operations via the plugin_name variable in your operation definitions, or host them locally.
* CVE-2026-43017 allows XSS in the Debrief plugin via the operation_name parameter. Workaround: avoid loading external plugin operations via the plugin_name variable in your operation definitions, or host them locally.
* CVE-2027-43018 allows XSS in the Debrief plugin via the operation_name parameter. Workaround: avoid loading external plugin operations via the plugin_name variable in your operation definitions, or host them locally.
* CVE-2028-43019 allows XSS in the Debrief plugin via the operation_name parameter. Workaround: avoid loading external plugin operations via the plugin_name variable in your operation definitions, or host them locally.
* CVE-2029-43020 allows XSS in the Debrief plugin via the operation_name parameter. Workaround: avoid loading

Core features of the Debrief plugin

The Debrief plugin is a tool that helps you manage your WordPress sites’ activity logs. It allows you to search and filter through the log information, and it also provides some basic functionality for analyzing the information. The following is a list of core features of the Debrief plugin:
* Searching logs by date and user
* Filtering logs by date
* Using shortcodes in posts to filter or display logs from a specific site
* Displaying events from multiple sites on one page using shortcodes
* Displaying events from multiple sites on one page using widgets

Timeline

Published on: 10/17/2022 20:15:00 UTC
Last modified on: 10/19/2022 05:31:00 UTC
