Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8
CVE-2024-9236
- EPSS 0.06%
- Veröffentlicht 15.05.2025 20:16:00
- Zuletzt bearbeitet 12.06.2025 16:43:19
The Team WordPress plugin before 4.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for...
8.8
CVE-2022-2557
- EPSS 1.19%
- Veröffentlicht 22.08.2022 15:15:15
- Zuletzt bearbeitet 21.11.2024 07:01:14
The Team WordPress plugin before 4.1.2 contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the ...
1