CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38670 – WordPress Team Members plugin <= 5.3.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-38670
10 Jul 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Members allows Stored XSS.This issue affects Team Members: from n/a through 5.3.3. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Team Members permite XSS almacenado. Este problema afecta a Team Members: desde n/a hasta 5.3.3. The Team Members plugin for WordPress is vulnerable to Stored Cross-Site Scripting in ver... • https://patchstack.com/database/vulnerability/team-members/wordpress-team-members-plugin-5-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1331 – Team Members < 5.3.2 - Author+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-1331
26 Feb 2024 — The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks. El complemento Team Members de WordPress anterior a 5.3.2 no valida ni escapa algunos de sus atributos de shortcode antes de devolverlos a una página/publicación donde está incrustado el shortcode, lo que podría permitir a los ... • https://wpscan.com/vulnerability/b2bac900-3d8f-406c-b03d-c8db156acc59 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3936 – Team Members < 5.2.1 - Editor+ Stored XSS
https://notcve.org/view.php?id=CVE-2022-3936
09 Dec 2022 — The Team Members WordPress plugin before 5.2.1 does not sanitize and escapes some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). El complemento Team Members de WordPress anterior a 5.2.1 no sanitiza ni escapa a algunas de sus configuraciones, lo que podría permitir a usuarios con altos privilegios, como editores, realizar cross-site scripting alm... • https://wpscan.com/vulnerability/921daea1-a06d-4310-8bd9-4db32605e500 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1568 – Team Members < 5.1.1 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1568
09 May 2022 — The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed El plugin Team Members de WordPress versiones anteriores a 5.1.1, no escapa de algunas de sus configuraciones de Equipo, lo que podría permitir a usuarios con altos privilegios, como los administradores, llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando unfiltered_html est... • https://wpscan.com/vulnerability/88328d17-ffc9-4b94-8b01-ad2fd3047fbc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24128 – Team Members < 5.0.4 - Authenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24128
16 May 2020 — Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML via the 'Description/biography' of a member. Una entrada no comprobada y una falta de codificación de salida en el plugin de WordPress Team Members, versiones anteriores a 5.0.4, conllevan a vulnerabilidades de tipo Cross-site scripting que permiten a un a... • https://wpscan.com/vulnerability/11dc3325-e696-4c9e-ba10-968416d5c864 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •