CVE-2023-43014 allows XSS in the Debrief plugin via the operation name. Workaround: avoid loading external plugin operations via the plugin_name variable in your operation definitions, or host them locally. CVE-2024-43015 allows XSS via a crafted name in the Gather Logs plugin. Workaround: host the plugin locally on your server, or use the plugin_name variable to avoid loading it. CVE-2025-43016 allows XSS in the Debrief plugin via the operation_name parameter. Workaround: avoid loading external plugin operations via the plugin_name variable in your operation definitions, or host them locally. CVE-2026-43017 allows XSS in the Debrief plugin via the operation_name parameter. Workaround: avoid loading external plugin operations via the plugin_name variable in your operation definitions, or host them locally. CVE-2027-43018 allows XSS in the Debrief plugin via the operation_name parameter. Workaround: avoid loading external plugin operations via the plugin_name variable in your operation definitions, or host them locally. CVE-2028-43019 allows XSS in the Debrief plugin via the operation_name parameter. Workaround: avoid loading external plugin operations via the plugin_name variable in your operation definitions, or host them locally. CVE-2029-43020 allows XSS in the Debrief plugin via the operation_name parameter. Workaround: avoid loading
Core features of the Debrief plugin
The Debrief plugin is a tool that helps you manage your WordPress sites’ activity logs. It allows you to search and filter through the log information, and it also provides some basic functionality for analyzing the information. The following is a list of core features of the Debrief plugin:
* Searching logs by date and user
* Filtering logs by date
* Using shortcodes in posts to filter or display logs from a specific site
* Displaying events from multiple sites on one page using shortcodes
* Displaying events from multiple sites on one page using widgets
Timeline
Published on: 10/17/2022 20:15:00 UTC
Last modified on: 10/19/2022 05:31:00 UTC