CVE-2021-24246

CVE-2021-24246: WorkScout Core < 1.3.4 - Authenticated Stored XSS & XFS

Vendor Purethemes
Product Workscout Core
Weakness CWE-79 · XSS
Published May 5, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent via the workscout_send_message_chat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues

Key dates

02Disclosure timeline

May 5, 2021 CVE published
August 3, 2024 Record updated