CVE-2021-24787

Name of the Vulnerable Software and Affected Versions: Client Invoicing by Sprout Invoices WordPress plugin versions prior to 19.9.7

Description: The issue allows high privilege users to perform Cross-Site Scripting attacks due to the plugin not sanitizing and escaping some of its settings, even when the unfiltered html capability is disallowed.

Recommendations: For versions prior to 19.9.7, update to version 19.9.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings for high privilege users until the update is applied.