CVE-2021-36893 – WordPress Responsive Tabs plugin <= 4.0.5 - Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2021-36893
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) <= 4.0.5 Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenado Autenticado (autor o rol de usuario superior) en Responsive Tabs (plugin de WordPress) versiones anteriores a 4.0.5 incluyéndola • https://patchstack.com/database/vulnerability/responsive-tabs/wordpress-responsive-tabs-plugin-4-0-5-cross-site-scripting-xss-vulnerability https://wordpress.org/plugins/responsive-tabs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-24128 – Team Members < 5.0.4 - Authenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24128
Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML via the 'Description/biography' of a member. Una entrada no comprobada y una falta de codificación de salida en el plugin de WordPress Team Members, versiones anteriores a 5.0.4, conllevan a vulnerabilidades de tipo Cross-site scripting que permiten a un atacante autenticado con privilegios medios (colaborador+) inyectar script web o HTML arbitrario por medio de la "Description/biography" de un miembro • https://wpscan.com/vulnerability/11dc3325-e696-4c9e-ba10-968416d5c864 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •