Description
The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin before 1.0.64 does not sanitize or escape form values before saving to the database or when outputting, which allows high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
References
https://wpscan.com/vulnerability/41d9027c-a982-44c7-889e-721333496b5c
ExploitThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-09-13T18:15:17.997
3 years agoLast modified
2021-09-23T14:26:48.770
3 years ago