5 matches found

CNVD
added 2021/08/05 12:0 a.m., 22 views

WordPress Bookshelf plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. The Bookshelf plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in the Bookshelf...

CVSS 5.4, AI score 5.4, EPSS 0.0062
Exploits: 2, References: 1

Cvelist
added 2021/08/02 10:32 a.m., 22 views

CVE-2021-24478 Bookshelf <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS)

The Bookshelf WordPress plugin through 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue...

AI score 5.8, EPSS 0.0062
Exploits: 2, References: 1

Patchstack
added 2021/06/28 12:0 a.m., 23 views

WordPress Bookshelf plugin <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by ABISHEIK M in WordPress Bookshelf plugin versions <= 2.0.4. Solution: Deactivate and delete. This plugin has been closed as of May 25, 2021 and is not available for download. Reason: Security Issue...

CVSS 5.4, AI score 2.8, EPSS 0.0062
Exploits: 2, References: 3, Affected Software: 1

wpexploit
added 2021/06/28 12:0 a.m., 118 views

Bookshelf <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue. Add the following payload in the "Paypal email address" setting of the plugin /wp-admin/admin.php?page=bookshelf-settings:...

CVSS 3.5, AI score 0.2, EPSS 0.0062
Exploits: 2

WPVulnDB
added 2021/06/28 12:0 a.m., 21 views

Bookshelf <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue. PoC: Add the following payload in the "Paypal email address" setting of the plugin /wp-admin/admin.php?page=bookshelf-settings: ...

CVSS 3.5, AI score 1.2, EPSS 0.0062
Exploits: 2, Affected Software: 1