Current Book <= 1.0.1 – Authenticated Stored Cross-Site Scripting (XSS) | CVE 2021-24538 | Plugin Vulnerabilities

Description

The plugin does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue.

Proof of Concept

1. Install WordPress 5.7.2
2. Install and activate Custom Book
3. Navigate to Tools &gt;&gt; Current Book and enter the XSS payload into the
Book and Author input field.
4. Click Update Options
5. You will observe that the payload successfully got stored into the
database and when you are triggering the same functionality at that time
JavaScript payload is executing successfully and we are getting a pop-up.


Screenshot: https://drive.google.com/folderview?id=1KGsxpWmWm8SbCO3aqBG-_A1UJhho2WhU

Affects Plugins

No known fix

References

CVE

Exploitdb

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Vikas Srivastava

Submitter

Vikas Srivastava

Submitter website

https://www.linkedin.com/in/007vikaxh

Submitter twitter

Verified

Yes

WPVDB ID

f9911a43-0f4c-403f-9fca-7822eb693317

Timeline

Publicly Published

2021-07-14 (about 4 years ago)

Added

2021-07-17 (about 4 years ago)

Last Updated

2022-04-12 (about 3 years ago)

Other

Published

Title

Published

2025-02-14

Title

Email Keep <= 1.1 - Reflected XSS

Published

2025-04-24

Title

Ajax Comment Form CST <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2023-11-07

Title

Countdown and CountUp, WooCommerce Sales Timer < 1.8.3 - Admin+ Stored XSS

Published

2025-01-06

Title

WooCommerce Digital Content Delivery (incl. DRM) – FlickRocket < 4.76 - Reflected Cross-Site Scripting

Published

2024-10-04

Title

WP Cleanup and Basic Functions <= 2.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload