Vulnerabilities and security researches formybookprogress mybookprogress

Jan 18, 2025

CVE, Research URL: CVE-2024-12598
Home page URL: Security reports for MyBookProgress by Stormhill Media
Application: MyBookProgress by Stormhill Media
Date: Jan 17, 2025
Research Description: The MyBookProgress by Stormhill Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘book’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Apr 03, 2025

CVE, Research URL: CVE-2025-31887
Home page URL: Security reports for MyBookProgress by Stormhill Media
Application: MyBookProgress by Stormhill Media
Date: Apr 01, 2025
Research Description: Missing Authorization vulnerability in zookatron MyBookProgress by Stormhill Media allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyBookProgress by Stormhill Media: from n/a through 1.0.8.
Affected versions: Min -, max -.
Status: vulnerable