CVE-2021-24246

Name of the Vulnerable Software and Affected Versions Workscout Core WordPress plugin versions prior to 1.3.4

Description The issue arises from the lack of sanitization of chat messages sent via the workscout send message chat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues.

Recommendations For versions prior to 1.3.4, update to version 1.3.4 or later to resolve the issue. As a temporary workaround, consider disabling the workscout send message chat AJAX action until a patch is available. Restrict access to the chat functionality to minimize the risk of exploitation.