The plugin does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue.
Proof of Concept
No known fix - plugin closed
2021-07-14 (about 3 months ago)
2021-07-17 (about 3 months ago)
2021-07-30 (about 2 months ago)