CVE-2021-24128
Team Members < 5.0.4 - Authenticated Stored Cross-Site Scripting (XSS)
Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML via the 'Description/biography' of a member.
Affected products
Unknown · Team MembersWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →