CVE-2022-3402 in Log HTTP Requests Plugin
Summary
by MITRE • 10/29/2022
The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged HTTP requests in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers who can trick a site's administrator into performing an action like clicking on a link, or an authenticated user with access to a page that sends a request using user-supplied data via the server, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 04/08/2026
The Log HTTP Requests plugin for WordPress presents a critical security vulnerability classified as stored cross-site scripting in versions up to and including 1.3.1. This vulnerability stems from inadequate input sanitization and output escaping mechanisms within the plugin's codebase, creating a persistent security risk that affects WordPress installations using this particular plugin. The flaw allows malicious actors to inject malicious scripts that execute in the context of other users' browsers when they access pages containing the stored malicious content.
The technical implementation of this vulnerability occurs through the plugin's logging functionality which records HTTP requests made to the WordPress site. When user-supplied data is not properly sanitized before being stored in the plugin's logs, attackers can craft malicious input that contains executable script code. This data remains stored within the plugin's database records and executes whenever administrators or other users view the logged requests within the plugin's administrative interface. The vulnerability is particularly dangerous because it requires no authentication from the attacker, only the ability to influence HTTP requests that get logged by the plugin.
From an operational perspective, this vulnerability creates significant risk for WordPress administrators who may unknowingly click on malicious links or be tricked into performing actions that trigger the injection of harmful scripts. The attack vector typically involves social engineering tactics where administrators are lured into clicking on links that generate HTTP requests containing malicious payloads. When these requests are processed and logged by the vulnerable plugin, the stored scripts execute in the browser context of any user who views the logged requests, potentially leading to session hijacking, credential theft, or further exploitation of the compromised systems. This vulnerability directly maps to CWE-79, which describes improper neutralization of input during web page generation, and aligns with ATT&CK technique T1566 for social engineering attacks.
The impact of this vulnerability extends beyond simple script execution as it can enable more sophisticated attacks including privilege escalation, data exfiltration, and persistent backdoor establishment. Administrators who view the plugin's logged requests become victims of the stored XSS attack, making this vulnerability particularly dangerous in environments where multiple administrators have access to the plugin's interface. The attack requires minimal technical expertise from the attacker while potentially providing maximum impact, making it a preferred target for threat actors seeking to compromise WordPress installations. Organizations should immediately update to patched versions of the plugin, implement proper input validation, and consider network-level monitoring to detect potential exploitation attempts.
Mitigation strategies should include immediate patching of the vulnerable plugin to the latest secure version, implementation of proper input validation and output escaping mechanisms, and regular security audits of installed plugins. Network administrators should monitor for suspicious HTTP requests and implement content security policies to prevent execution of unauthorized scripts. The vulnerability also highlights the importance of maintaining up-to-date security practices including regular plugin updates, proper access controls, and user education about social engineering risks. Organizations should conduct comprehensive vulnerability assessments to identify other potentially vulnerable plugins and ensure that all WordPress installations maintain current security standards and patch management processes.