7 matches found
CVE-2021-24538
The Current Book WordPress plugin through 1.0.1 does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser, leading to an Authenticated Stored XSS (Cross-Site Scripting) issue...
WordPress plugin Current Book 'Book Title and Author field' cross-site scripting vulnerability
WordPress is a blogging platform based on the PHP language, which can be used to set up websites on servers that support PHP and MySQL databases, and can also be used as a content management system (CMS). A cross-site scripting vulnerability exists in the WordPress plugin Current Book 'Book Title and...
CVE-2021-24538
The Current Book WordPress plugin through 1.0.1 does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser, leading to an Authenticated Stored XSS (Cross-Site Scripting) issue...
CVE-2021-24538 Current Book <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS)
The Current Book WordPress plugin through 1.0.1 does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser, leading to an Authenticated Stored XSS (Cross-Site Scripting) issue...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
WordPress Current Book plugin <= 1.0.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Vikas Srivastava in WordPress Current Book plugin versions <= 1.0.1. Solution: This plugin has been closed as of July 15, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Plugin Current Book 1.0.1 - 'Book Title' Persistent Cross-Site Scripting
Exploit Title: WordPress Plugin Current Book 1.0.1 - 'Book Title and Author field' Stored Cross-Site Scripting (XSS) Date: 14/07/2021 Exploit Author: Vikas Srivastava Vendor Homepage: Software Link: https://wordpress.org/plugins/current-book/ Version: 1.0.1 Category: Web Application How to Reproduc...