CVE-2021-24623

CVE-2021-24623: WordPress Advanced Ticket System < 1.0.64 - Authenticated Stored Cross-Site Scripting (XSS)

Vendor Unknown

Product WordPress Advanced Ticket System, Elite Support Helpdesk

Weakness CWE-79 · XSS

Published September 13, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin before 1.0.64 does not sanitize or escape form values before saving to the database or when outputting, which allows high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Key dates

02Disclosure timeline

September 13, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24623

Related vulnerabilities

04Related CVE

CVE-2025-30630 WordPress Global Translator plugin <= 2.0.2 - Cross Site Scripting (XSS) Vulnerability CVE-2025-48103 WordPress Today's Date Inserter plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability CVE-2025-5570 AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter CVE-2026-4078 ITERAS <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes CVE-2017-11481