CVE-2021-24547: 
WordPress vulnerability analysis and mitigation

The KN Fix Your Title WordPress plugin through version 1.0.1 contains an Authenticated Stored Cross-Site Scripting (XSS) vulnerability in the separator field. The vulnerability was discovered by security researcher Aakash Choudhary and was publicly disclosed on July 20, 2021 (WPScan).

The vulnerability exists in the separator field of the plugin's settings page. When an authenticated user navigates to Fix Title under Settings Tab and enters malicious XSS payload into the Separator input field, the payload gets stored in the database. Upon triggering the functionality, the JavaScript payload executes successfully. The vulnerability is classified as CWE-79 and has been assigned a CVSS score of 3.5 (low) (WPScan).

This vulnerability allows authenticated users to inject and store malicious JavaScript code that can be executed in other users' browsers when they access the affected pages. The stored XSS can potentially lead to cookie theft, session hijacking, or other client-side attacks (WPScan).

As of the last update, there is no known fix available for this vulnerability. Users of the KN Fix Your Title plugin should consider either removing the plugin or implementing additional security controls to restrict access to the plugin's settings page (WPScan).