{"vulnerability": "CVE-2021-24879", "sightings": [{"uuid": "48e0a7fb-4eb8-4fd9-b229-6c569b8e0417", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24879", "type": "seen", "source": "https://t.me/cibsecurity/36949", "content": "\u203c CVE-2021-24879 \u203c\n\nThe SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsc_tickets AJAX action, nor has any sanitisation or escaping in some of the filter fields which could allow attackers to make a logged in user having access to the ticket lists dashboard set an arbitrary filter (stored in their cookies) with an XSS payload in it.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-07T18:35:01.000000Z"}]}