WordPress · Tickera · CVE-2021-24797
Name of the Vulnerable Software and Affected Versions:
Tickera WordPress plugin versions prior to 3.4.8.3
Description:
Unauthenticated users can perform Cross-Site Scripting (XSS) attacks against admins because the Name fields of booked Events are not properly sanitized and escaped in the Orders admin dashboard.
Recommendations:
Update the Tickera plugin to version 3.4.8.3 or later to resolve the issue.