The Team Members WordPress plugin before 5.1.1 does not...
Moderate severity
Unreviewed
Published
May 31, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
May 30, 2022
Published to the GitHub Advisory Database
May 31, 2022
Last updated
Jan 27, 2023
The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
References