RSS   Vulnerabilities for 'Team members'   RSS

2021-03-18
 
CVE-2021-24128

CWE-79
 

 
Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML via the 'Description/biography' of a member.

 

 >>> Vendor: Wpdarko 2 Products
Team members
Responsive tabs


Copyright 2024, cxsecurity.com

 

Back to Top