CVE-2024-12598

The MyBookProgress plugin for WordPress, developed by Stormhill Media, is susceptible to Stored Cross-Site Scripting (XSS) attacks due to inadequate input sanitization and output escaping. This issue affects all versions up to and including 1.0.8, specifically through the 'book' parameter. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages, which will execute when a user accesses an injected page. An exploit is available, demonstrating the severity of this issue.

Affected versions: up to and including 1.0.8 Vulnerable software: MyBookProgress plugin for WordPress Exploitation method: Stored Cross-Site Scripting via the 'book' parameter

#MyBookProgress #WordPress #StoredXSS #StormhillMedia #CrossSiteScripting