CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31907 – WordPress Team Builder plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-31907
03 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Labib Ahmed Team Builder allows Reflected XSS. This issue affects Team Builder: from n/a through 1.3. The Team Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can succe... • https://patchstack.com/database/wordpress/plugin/team-display/vulnerability/wordpress-team-builder-plugin-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31905 – WordPress Team Rosters Plugin <= 4.7 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-31905
02 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Team Rosters allows Reflected XSS. This issue affects Team Rosters: from n/a through 4.7. The Team Rosters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successf... • https://patchstack.com/database/wordpress/plugin/team-rosters/vulnerability/wordpress-team-rosters-plugin-4-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31771 – WordPress Team Members for Elementor Page Builder plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-31771
01 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sultan Nasir Uddin Team Members for Elementor Page Builder allows Stored XSS. This issue affects Team Members for Elementor Page Builder: from n/a through 1.0.4. The Team Members for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticat... • https://patchstack.com/database/wordpress/plugin/team-members-for-elementor/vulnerability/wordpress-team-members-for-elementor-page-builder-plugin-1-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30868 – WordPress Team Manager plugin <= 2.1.23 - Local File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2025-30868
27 Mar 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DynamicWebLab Team Manager allows PHP Local File Inclusion. This issue affects Team Manager: from n/a through 2.1.23. The Team Manager plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.23. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing... • https://patchstack.com/database/wordpress/plugin/wp-team-manager/vulnerability/wordpress-team-manager-plugin-2-1-23-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30802 – WordPress Our Team Members plugin <= 2.2 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-30802
27 Mar 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPBean Our Team Members. This issue affects Our Team Members: from n/a through 2.2. The Our Team Members – Team Members WordPress Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpsf_export_options() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export ... • https://patchstack.com/database/wordpress/plugin/our-team-members/vulnerability/wordpress-our-team-members-plugin-2-2-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26949 – WordPress Team Section Block plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-26949
23 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Team Section Block allows Stored XSS. This issue affects Team Section Block: from n/a through 1.0.9. The Team Section Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrar... • https://patchstack.com/database/wordpress/plugin/team-section/vulnerability/wordpress-team-section-block-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23512 – WordPress Team 118GROUP Agent plugin <= 1.6.0 - Arbitrary Content Deletion vulnerability
https://notcve.org/view.php?id=CVE-2025-23512
16 Jan 2025 — Missing Authorization vulnerability in Team118GROUP Team 118GROUP Agent allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team 118GROUP Agent: from n/a through 1.6.0. The Team 118GROUP Agent plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to delete arbitrary content. • https://patchstack.com/database/wordpress/plugin/team-118group-agent/vulnerability/wordpress-team-118group-agent-plugin-1-6-0-arbitrary-content-deletion-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52439 – WordPress Team Rosters plugin <= 4.6 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-52439
18 Nov 2024 — Deserialization of Untrusted Data vulnerability in Mark O’Donnell Team Rosters allows Object Injection.This issue affects Team Rosters: from n/a through 4.6. La vulnerabilidad de deserialización de datos no confiables en Mark O’Donnell Team Rosters permite la inyección de objetos. Este problema afecta a las listas de equipos: desde n/a hasta 4.6. The Team Rosters plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.7 via deserialization of untrusted input. This make... • https://patchstack.com/database/vulnerability/team-rosters/wordpress-team-rosters-plugin-4-6-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52385 – WordPress Team Member – Multi Language Supported Team plugin <= 7.3 - Limited Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-52385
11 Nov 2024 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Sk. Abul Hasan Team Member.This issue affects Team Member: from n/a through 7.3. The Team Member plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 7.4. This makes it possible for authenticated attackers, with editor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files.... • https://patchstack.com/database/wordpress/plugin/team-showcase-supreme/vulnerability/wordpress-team-member-multi-language-supported-team-plugin-7-1-limited-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51871 – WordPress Luzuk Team plugin <= 0.1.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51871
08 Nov 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Luzuk Luzuk Team allows Stored XSS.This issue affects Luzuk Team: from n/a through 0.1.0. The Luzuk Team plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that ... • https://patchstack.com/database/vulnerability/luzuk-team/wordpress-luzuk-team-plugin-0-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •