Exploit for Current Book <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS) CVE-2021-24538

Name: Exploit for Current Book <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS) CVE-2021-24538
Rating: 5 (102 reviews)

2021-07-14 | CVSS 3.5

## https://sploitus.com/exploit?id=WPEX-ID:F9911A43-0F4C-403F-9FCA-7822EB693317
1. Install WordPress 5.7.2
2. Install and activate Custom Book
3. Navigate to Tools &gt;&gt; Current Book and enter the XSS payload into the
Book and Author input field.
4. Click Update Options
5. You will observe that the payload successfully got stored into the
database and when you are triggering the same functionality at that time
JavaScript payload is executing successfully and we are getting a pop-up.


Screenshot: https://drive.google.com/folderview?id=1KGsxpWmWm8SbCO3aqBG-_A1UJhho2WhU