2 matches found
CVE-2021-24128 Team Members < 5.0.4 - Authenticated Stored Cross-Site Scripting (XSS)
Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker contributor+ to inject arbitrary web script or HTML via the 'Description/biography' of a member...
CVE-2021-24128
WordPress Team Members plugin vulnerability CVE-2021-24128 affects versions before 5.0.4. The issue is unvalidated input and lack of output encoding in the Description/biography field, enabling an authenticated, medium-privileged attacker (contributor+) to inject arbitrary web script or HTML (sto...