CVE-2024-38670
- EPSS 0.07%
- Veröffentlicht 20.07.2024 08:15:03
- Zuletzt bearbeitet 21.11.2024 09:26:35
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Members allows Stored XSS.This issue affects Team Members: from n/a through 5.3.3.
CVE-2024-1331
- EPSS 0.23%
- Veröffentlicht 18.03.2024 16:15:07
- Zuletzt bearbeitet 05.05.2025 18:08:54
The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform St...
CVE-2022-3936
- EPSS 0.18%
- Veröffentlicht 02.01.2023 22:15:15
- Zuletzt bearbeitet 10.04.2025 16:15:23
The Team Members WordPress plugin before 5.2.1 does not sanitize and escapes some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disal...
CVE-2022-1568
- EPSS 0.2%
- Veröffentlicht 30.05.2022 09:15:10
- Zuletzt bearbeitet 21.11.2024 06:40:59
The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2021-24128
- EPSS 0.33%
- Veröffentlicht 18.03.2021 15:15:14
- Zuletzt bearbeitet 21.11.2024 05:52:24
Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or...