PT-2021-16059 · WordPress · The Current Book WordPress Plugin

007Vikaxh +1 · Published 2021-08-16 · Updated 2021-08-23 · CVE-2021-24538

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
The Current Book WordPress plugin, versions 1.0.1 and earlier

Description
The issue arises because the plugin does not sanitize user input when an authenticated user adds an Author or Book Title. Combined with the failure to escape these values when outputting them to the browser, this leads to an authenticated stored Cross-Site Scripting (XSS) issue.

Recommendations
For versions 1.0.1 and earlier, update to a version that properly sanitizes user input and escapes output values to prevent XSS attacks. As a temporary workaround, consider restricting the ability of authenticated users to add Author or Book Title entries until a patch is available.
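The following PHP is an added illustration of the fix class the description and recommendations refer to; it is not the plugin's own code and does not reproduce the plugin's handlers. A settings handler that stores raw request values and echoes them unescaped is shown beside a hardened version that checks capability and nonce, sanitizes on save and escapes on output. The function and option names carrying the `cbdemo_` prefix are hypothetical; `sanitize_text_field()`, `esc_html()`, `esc_attr()`, `update_option()`, `get_option()`, `current_user_can()`, `check_admin_referer()`, `wp_unslash()` and `wp_die()` are standard WordPress API functions.

```php
<?php
/*
 * Added illustration, not the plugin's own code. Names prefixed "cbdemo_"
 * (functions and option keys) are hypothetical; the WordPress API functions
 * used are real. Shows the vulnerable store-raw / echo-raw pattern beside the
 * sanitize-on-save / escape-on-output pattern the advisory recommends.
 */

// --- Vulnerable pattern: raw POST values stored, then echoed verbatim. ---
function cbdemo_save_vulnerable() {
    // No capability check, no nonce check, no sanitization of submitted text.
    update_option( 'cbdemo_author', $_POST['author'] );
    update_option( 'cbdemo_title',  $_POST['title'] );
}

function cbdemo_render_vulnerable() {
    // Whatever markup was stored in either option lands in the page unchanged.
    echo '<p class="current-book">' . get_option( 'cbdemo_author' ) . ' - '
        . get_option( 'cbdemo_title' ) . '</p>';
}

// --- Hardened pattern: authorize the request, sanitize on save, escape on output. ---
function cbdemo_save_hardened() {
    // Only users permitted to manage options may change the stored values.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // Reject requests that do not carry a valid nonce for this action (CSRF protection).
    check_admin_referer( 'cbdemo_save', 'cbdemo_nonce' );

    // wp_unslash() removes the slashes WordPress adds to request data;
    // sanitize_text_field() strips tags, invalid octets and line breaks,
    // so only plain text is stored.
    $author = isset( $_POST['author'] ) ? sanitize_text_field( wp_unslash( $_POST['author'] ) ) : '';
    $title  = isset( $_POST['title'] )  ? sanitize_text_field( wp_unslash( $_POST['title'] ) )  : '';

    update_option( 'cbdemo_author', $author );
    update_option( 'cbdemo_title',  $title );
}

function cbdemo_render_hardened() {
    // Escape at the point of output regardless of what was done on save:
    // esc_html() for text nodes, esc_attr() for attribute values.
    $author = get_option( 'cbdemo_author', '' );
    $title  = get_option( 'cbdemo_title', '' );
    printf(
        '<p class="current-book" title="%s">%s - %s</p>',
        esc_attr( $title ),
        esc_html( $author ),
        esc_html( $title )
    );
}
```

The two halves of the hardened version are independent defences: sanitizing on save keeps markup out of the database, while escaping on output protects the page even if a value reached the option table by another route (an import, a direct database edit, or an older unsanitized version of the plugin). The recommendation text asks for both, and a fix that only does one of them leaves the other path open.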

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2021-24538

Affected Products

The Current Book WordPress Plugin