Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for WordPress Advanced Ticket System, Elite Support Helpdesk by Unknown
CVE-2021-24623 (GCVE-0-2021-24623)
Vulnerability from nvd – Published: 2021-09-13 17:56 – Updated: 2024-08-03 19:35
VLAI?
Title
WordPress Advanced Ticket System < 1.0.64 - Authenticated Stored Cross-Site Scripting (XSS)
Summary
The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin before 1.0.64 does not sanitize or escape form values before saving to the database or when outputting, which allows high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WordPress Advanced Ticket System, Elite Support Helpdesk |
Affected:
1.0.64 , < 1.0.64
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/41d9027c-a982-44c7-889e-721333496b5c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WordPress Advanced Ticket System, Elite Support Helpdesk",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.0.64",
"status": "affected",
"version": "1.0.64",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tri Wanda Septian"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin before 1.0.64 does not sanitize or escape form values before saving to the database or when outputting, which allows high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:56:36.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/41d9027c-a982-44c7-889e-721333496b5c"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WordPress Advanced Ticket System \u003c 1.0.64 - Authenticated Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24623",
"STATE": "PUBLIC",
"TITLE": "WordPress Advanced Ticket System \u003c 1.0.64 - Authenticated Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WordPress Advanced Ticket System, Elite Support Helpdesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.0.64",
"version_value": "1.0.64"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tri Wanda Septian"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin before 1.0.64 does not sanitize or escape form values before saving to the database or when outputting, which allows high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/41d9027c-a982-44c7-889e-721333496b5c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/41d9027c-a982-44c7-889e-721333496b5c"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24623",
"datePublished": "2021-09-13T17:56:36.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:35:20.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24623 (GCVE-0-2021-24623)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:56 – Updated: 2024-08-03 19:35
VLAI?
Title
WordPress Advanced Ticket System < 1.0.64 - Authenticated Stored Cross-Site Scripting (XSS)
Summary
The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin before 1.0.64 does not sanitize or escape form values before saving to the database or when outputting, which allows high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WordPress Advanced Ticket System, Elite Support Helpdesk |
Affected:
1.0.64 , < 1.0.64
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/41d9027c-a982-44c7-889e-721333496b5c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WordPress Advanced Ticket System, Elite Support Helpdesk",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.0.64",
"status": "affected",
"version": "1.0.64",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tri Wanda Septian"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin before 1.0.64 does not sanitize or escape form values before saving to the database or when outputting, which allows high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:56:36.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/41d9027c-a982-44c7-889e-721333496b5c"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WordPress Advanced Ticket System \u003c 1.0.64 - Authenticated Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24623",
"STATE": "PUBLIC",
"TITLE": "WordPress Advanced Ticket System \u003c 1.0.64 - Authenticated Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WordPress Advanced Ticket System, Elite Support Helpdesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.0.64",
"version_value": "1.0.64"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tri Wanda Septian"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin before 1.0.64 does not sanitize or escape form values before saving to the database or when outputting, which allows high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/41d9027c-a982-44c7-889e-721333496b5c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/41d9027c-a982-44c7-889e-721333496b5c"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24623",
"datePublished": "2021-09-13T17:56:36.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:35:20.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}