CVE-2021-24713: 
WordPress vulnerability analysis and mitigation

CVE-2021-24713 is a stored Cross-Site Scripting (XSS) vulnerability affecting the WordPress plugins CM Video Lesson Manager and CM Video Lesson Manager Pro. The vulnerability was discovered by Shivam Rai and publicly disclosed on October 25, 2021. The affected plugins failed to properly sanitize and escape values when updating their settings, potentially allowing high-privilege users to perform Cross-Site Scripting attacks (WPScan).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue, categorized under CWE-79 and OWASP Top 10 A7. It received a CVSS score of 3.3 (low severity). The vulnerability exists in the plugin's Settings page, specifically in the Label Tab where the 'channel' or 'channels' fields are not properly sanitized. This allows for the injection of malicious JavaScript code that executes when the settings page is visited (WPScan).

The vulnerability allows high-privilege users to inject and execute malicious JavaScript code in the context of other users' browsers who visit the affected pages. This could potentially lead to unauthorized actions and data exposure within the WordPress admin interface (WPScan).

The vulnerability has been fixed in version 1.7.2 of CM Video Lesson Manager and version 3.5.9 of CM Video Lesson Manager Pro. Users are advised to update their installations to these or later versions to mitigate the risk (WPScan).