Vulnerabilities and security researches forgs-team-members gs-team-members
Direction: ascendingJun 07, 2024
Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More # 3c1d8c68c595f1ee3e539647c77afcaf012ecc44
- CVE, Research URL
- Home page URL
- Application
- Date
- Feb 28, 2022
- Research Description
- Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More [gs-team-members] < 1.11.0 WordPress WordPress Team Members – GS Plugins plugin <= 1.10.18 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WordPress Team Members – GS Plugins plugin (versions <= 1.10.18).
- Affected versions
-
max 1.11.0.
- Status
-
vulnerable
Nov 15, 2024
Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More # CVE-2022-4974
- CVE, Research URL
- Home page URL
- Application
- Date
- Oct 16, 2024
- Research Description
- The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
- Affected versions
-
max 1.1.0.
- Status
-
vulnerable
May 02, 2026
Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More # CVE-2024-13362
- CVE, Research URL
- Home page URL
- Application
- Date
- May 01, 2026
- Research Description
- Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Affected versions
-
max 2.6.1.
- Status
-
vulnerable
Jun 14, 2026
Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More # CVE-2023-33999
- CVE, Research URL
- Home page URL
- Application
- Date
- Jun 11, 2026
- Research Description
- Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPVibes WP Mail Log allows DOM-Based XSS. This issue affects WP Mail Log: from n/a through 1.0.2.
- Affected versions
-
max 2.2.2.
- Status
-
vulnerable
Jun 16, 2026
Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More # b3b0ad93e612cf6e97eeff4fce7f19bb7a92a80a
- CVE, Research URL
- Home page URL
- Application
- Date
- Feb 28, 2022
- Research Description
- Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More [gs-team-members] < 1.11.0 WordPress WordPress Team Members – GS Plugins plugin <= 1.10.18 - Sensitive Information Disclosure vulnerability Sensitive Information Disclosure vulnerability discovered in WordPress WordPress Team Members – GS Plugins plugin (versions <= 1.10.18).
- Affected versions
-
max 1.11.0.
- Status
-
vulnerable
Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More # 6d8910c719b2a132ec93828cd37e418b19cac960
- CVE, Research URL
- Home page URL
- Application
- Date
- Mar 04, 2022
- Research Description
- Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More [gs-team-members] < 1.1.0 Freemius SDK <= 2.4.2 - Missing Authorization Checks The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
- Affected versions
-
max 1.1.0.
- Status
-
vulnerable
Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More # 2d933d2d5eb05c0dbd13f76b3a4d56b8acff59a8
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 23, 2023
- Research Description
- Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More [gs-team-members] < 2.2.4 WordPress WordPress Team Members – GS Plugins Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS) Update the WordPress WordPress Team Members – GS Plugins plugin to the latest available version (at least 2.2.4). Unknown discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress WordPress Team Members – GS Plugins Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 2.2.4.
- Affected versions
-
max 2.2.4.
- Status
-
vulnerable
Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More # 3b5dd4360c9d2bd00a44ffddd312b99fad00f12e
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 22, 2023
- Research Description
- Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More [gs-team-members] < 2.2.4 GS Team Members <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting The Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 2.2.4.
- Status
-
vulnerable
Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More # 1c2d20b2-12c7-44b9-9bb2-005ef81f8d10
- CVE, Research URL
- Home page URL
- Application
- Date
- -
- Research Description
- Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More [gs-team-members] < 2.2.4 GS Team Members < 2.2.4 - Contributor+ Stored XSS The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin
- Affected versions
-
max 2.2.4.
- Status
-
vulnerable