Wpdarko: Security Vulnerabilities
The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVSS Score
4.8
EPSS Score
0.002
Published
2022-05-30
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) <= 4.0.5
CVSS Score
4.8
EPSS Score
0.003
Published
2022-04-11
Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML via the 'Description/biography' of a member.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-03-18
Page 2