CVE-2021-24246

Summary

The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent via the workscout_send_message_chat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues

Affected Software

VendorProductVersion RangeStatus
PureThemesWorkscout Core1.3.4 < 1.3.4affected
PureThemesWorkScout2.0.33 < 2.0.33affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References