CVE-2021-24622

Name of the Vulnerable Software and Affected Versions Customer Service Software & Support Ticket System WordPress plugin versions prior to 5.10.4

Description The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization or escaping of form fields before outputting them in the List, even when the unfiltered html capability is disallowed.

Recommendations For versions prior to 5.10.4, update to version 5.10.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the form fields in the List to minimize the risk of exploitation.