CVE-2021-24519

Name of the Vulnerable Software and Affected Versions VikRentCar Car Rental Management System WordPress plugin versions prior to 1.1.10

Description The issue allows high privilege users, such as admins, to use XSS payload in the 'Text Next to Icon' field when adding or editing a Characteristic, leading to an authenticated Stored Cross-Site Scripting issue.

Recommendations For versions prior to 1.1.10, update to version 1.1.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'Text Next to Icon' field for high privilege users until a patch is applied.