Lucene search
K

8 matches found

Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Team Rosters plugin <= 4.7 - Reflected Cross-Site Scripting via 'tab' vulnerability

Reflected Cross-Site Scripting via 'tab' vulnerability discovered by vgo0 in WordPress Plugin Team Rosters versions = 4.7...

6.1CVSS5.4AI score0.00317EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/01/30 2:15 p.m.2 views

CVE-2024-12320

The Team Rosters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

6.1CVSS5.9AI score0.00317EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/30 1:42 p.m.17 views

CVE-2024-12320 Team Rosters <= 4.7 - Reflected Cross-Site Scripting via 'tab'

The Team Rosters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

6.1CVSS0.00317EPSS
Exploits0References4
CVE
CVE
added 2025/01/30 1:42 p.m.48 views

CVE-2024-12320

CVE-2024-12320 refers to a Reflected Cross-Site Scripting vulnerability in the WordPress plugin Team Rosters (versions up to 4.7). The issue arises from insufficient input sanitization and output escaping in the tab parameter, enabling unauthenticated attackers to inject web scripts into pages th...

6.1CVSS6AI score0.00317EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/30 12:0 a.m.6 views

PT-2025-1813 · WordPress · Team Rosters

Name of the Vulnerable Software and Affected Versions: Team Rosters plugin for WordPress versions up to, and including, 4.7 Description: The issue is related to Reflected Cross-Site Scripting via the tab parameter due to insufficient input sanitization and output escaping. This allows...

6.1CVSS8.7AI score0.00317EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/11/20 11:27 a.m.14 views

CVE-2024-52439 WordPress Team Rosters plugin <= 4.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Mark O’Donnell Team Rosters allows Object Injection.This issue affects Team Rosters: from n/a through 4.6...

9.8CVSS6.9AI score0.00541EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/11/18 8:51 a.m.3 views

WordPress Team Rosters plugin <= 4.8.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Team Rosters versions = 4.8.2...

9.8CVSS7.3AI score0.00541EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/11/18 12:0 a.m.10 views

WordPress Team Rosters Plugin <= 4.6 is vulnerable to PHP Object Injection

Software Team Rosters Type Plugin Vulnerable versions = 4.6 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52439 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 946aef8ce4ba Credits Mika Required privilege Unauthenticated Publish...

9.8CVSS6.9AI score0.00541EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder