Cross site scripting

2021-03-1815:15:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.8%

JSON

Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML via the ‘Description/biography’ of a member.

CPENameOperatorVersion
team_memberslt5.0.4

CPE	Name	Operator	Version
	team_members	lt	5.0.4

References

wpscan.com/vulnerability/11dc3325-e696-4c9e-ba10-968416d5c864