Team Members Security Vulnerabilities and Issues — Team Members CVE List

Lucene search

WpdarkoTeam Members

4 matches found

CVE•added 2022/05/30 9:15 a.m.•72 views

CVE-2022-1568

The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

4.8CVSS4.8AI score0.00195EPSS

CVE•added 2023/01/02 10:15 p.m.•68 views

CVE-2022-3936

The Team Members WordPress plugin before 5.2.1 does not sanitize and escapes some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

4.8CVSS4.8AI score0.00152EPSS

CVE•added 2024/03/18 4:15 p.m.•58 views

CVE-2024-1331

The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks.

6.1CVSS5.9AI score0.00167EPSS

CVE•added 2021/03/18 3:15 p.m.•35 views

CVE-2021-24128

Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML via the 'Description/biography' of a member...

5.4CVSS5.4AI score0.00188EPSS