CVE-2021-24771: 
WordPress vulnerability analysis and mitigation

The Inspirational Quote Rotator WordPress plugin through version 1.0.0 contains a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered and disclosed on November 15, 2021, affecting the quote management functionality in the WordPress plugin (WPScan).

The vulnerability stems from improper sanitization and escaping of quote fields when adding or editing quotes as an administrator. This security flaw exists even when the unfiltered_html capability is disallowed. The vulnerability has been assigned a CVSS v3.1 base score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, and a CVSS v2.0 score of 3.5 (Low). The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation (NVD).

When exploited, this vulnerability allows attackers with administrative access to inject malicious scripts through the quote fields, which are then executed when other users view the 'Quotes list' section. This could lead to potential client-side attacks against users viewing the compromised content (WPScan).

No known fix has been released for this vulnerability as of the last update. Users of the Inspirational Quote Rotator plugin should consider either removing the plugin or implementing additional security controls to restrict access to the quote management functionality (WPScan).