CVE-2021-24309: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2021-24309 affects the Weekly Schedule WordPress plugin versions before 3.4.3. The issue was discovered by Viktor Markopoulos and was publicly disclosed on May 12, 2021. The vulnerability is related to improper input sanitization in the 'Schedule Name' field within the plugin's general options (WPScan).

This vulnerability is classified as an Authenticated Stored Cross-Site Scripting (XSS) issue with a CVSS score of 5.9 (medium severity). The vulnerability is tracked as CWE-79 and falls under the OWASP Top 10 category A7: Cross-Site Scripting (XSS). The technical issue stems from inadequate sanitization of the 'Schedule Name' input in the plugin's general options, which allows for the injection of malicious JavaScript code through HTML tags (WPScan).

When exploited, this vulnerability allows authenticated users to inject and store malicious JavaScript code in the WordPress site. Since this is a stored XSS vulnerability, the injected code would be executed whenever other users access the affected pages, potentially leading to unauthorized actions being performed in the context of the victim's session (WPScan).

The vulnerability has been fixed in version 3.4.3 of the Weekly Schedule WordPress plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).