CVE-2021-24623

Name of the Vulnerable Software and Affected Versions WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin versions prior to 1.0.64

Description The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization or escaping of form values before saving to the database or when outputting, even when the unfiltered html capability is disallowed.

Recommendations For versions prior to 1.0.64, update to version 1.0.64 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high privilege users to input data into forms until a patch is applied.