wpvulndb | SunCSR (Sun Cyber Security Research) | WPVDB-ID:11DC3325-E696-4C9E-BA10-968416D5C864
History: May 16, 2020 - 12:00 a.m.

Team Members < 5.0.4 - Authenticated Stored Cross-Site Scripting (XSS)

wpscan.com

EPSS: 0.001 Low (Percentile: 24.8%)

Cross-site scripting vulnerabilities in Team Members version 5.0.3 and lower allow a medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML via the 'Description/biography' field of a member.

PoC

https://drive.google.com/file/d/1w5AmyBEOxAmtQ0T3uGKAB3o9w3ihNRAj/view

Add a user to a team, then use in the 'Description/biography' field.

CPE Name Operator Version
team-members lt 5.0.4
