WordPress Team Members Showcase plugin <= 3.3.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Team Members versions = 3.3.0...

WordPress Team Members Showcase plugin <= 3.4.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Gregory Allegoet in WordPress Plugin Team Members Plugin versions = 3.4.0...

EUVD-2021-11042

Malware in sbrugna...

EUVD-2025-31398

Malicious code in bioql PyPI...

CVE-2025-8440

The Team Members plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the first and last name fields in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2025-8440

The Team Members plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the first and last name fields in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2025-8440

The CVE CVE-2025-8440 affects the Team Members WordPress plugin. A Stored Cross-Site Scripting (XSS) vulnerability exists in the first-name and last-name fields across all versions up to and including 5.3.5 due to insufficient input sanitization and output escaping. Attack prerequisites: authenti...

CVE-2025-8440 Team Members <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Team Members plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the first and last name fields in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2021-24128

Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker contributor+ to inject arbitrary web script or HTML via the 'Description/biography' of a member...

CVE-2025-3521

CVE-2025-3521 affects the WordPress plugin “Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder” (vulnerable up to 3.4.0). The flaw is stored XSS in Social Link icons due to insufficient input sanitization and output escaping, exploitable by authenticated atta...

WordPress plugin Team Members 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...

CVE-2025-31771

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sultan Nasir Uddin Team Members for Elementor Page Builder team-members-for-elementor allows Stored XSS.This issue affects Team Members for Elementor Page Builder: from n/a through = 1.0.4...

CVE-2025-30802 WordPress Our Team Members plugin <= 2.2 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPBean Our Team Members our-team-members.This issue affects Our Team Members: from n/a through = 2.2...

WordPress plugin Team Members for Elementor Page Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

WordPress Team Members Plugin <= 5.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Team Members Type Plugin Vulnerable versions = 5.3.3 Fixed in 5.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38670 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f0e47f407025 Credits Jean Tirstan T Required privilege...

WordPress Team Members Plugin < 5.3.2 is vulnerable to Cross Site Scripting (XSS)

Software Team Members Type Plugin Vulnerable versions 5.3.2 Fixed in 5.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1331 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID fdcd0cb6fba4 Credits Dmitrii Ignatyev Required...

CVE-2024-1331

The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-1331

The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-1331 Team Members < 5.3.2 - Author+ Stored XSS

The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-3936

The Team Members WordPress plugin before 5.2.1 does not sanitize and escapes some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in a multisite setup...