4 matches found
CVE-2022-1568
CVE-2022-1568 – WordPress Team Members plugin (
CVE-2022-3936
CVE-2022-3936 affects the Team Members WordPress plugin prior to 5.2.1. The issue arises because the plugin does not fully sanitize and escape some settings, enabling Stored XSS by high-privilege users (e.g., editors), even when unfiltered_html is disallowed (including multisite setups). Public d...
CVE-2024-1331
CVE-2024-1331 affects the Team Members WordPress plugin prior to version 5.3.2. The vulnerability arises because certain shortcode attributes are not validated or escaped before being output in a post/page where the shortcode is embedded. This can allow users with the author role or higher to per...
CVE-2021-24128
WordPress Team Members plugin vulnerability CVE-2021-24128 affects versions before 5.0.4. The issue is unvalidated input and lack of output encoding in the Description/biography field, enabling an authenticated, medium-privileged attacker (contributor+) to inject arbitrary web script or HTML (sto...