cleantalk
Vulnerabilities and Security Researches

Team Master – A Modern WordPress Team Showcase, CVE-2026-8870

CVE, Research URL

CVE-2026-8870

Home page URL

Security reports for Team Master – A Modern WordPress Team Showcase

Application

Team Master – A Modern WordPress Team Showcase

Published on
May 27, 2026
Research Description
The Team Master – A Modern WordPress Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.1.2.
Status
vulnerable
Previous vulnerability researches
Geo Mashup (CVE-2026-27427) , May 28, 2026
Geo Mashup (CVE-2026-2416) , Apr 15, 2026
Geo Mashup (CVE-2018-14071) , Jun 07, 2024
Geo Mashup (CVE-2015-1383) , Jun 07, 2024
Geo Mashup (CVE-2022-4974) , Nov 15, 2024
New vulnerability
Livemesh SiteOrigin Widgets (CVE-2026-3896) , May 28, 2026
SMTP2GO for WordPress – Email Made Easy (CVE-2026-7621) , May 28, 2026
Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks (CVE-2026-42728) , May 28, 2026
Events In City (CVE-2026-8898) , May 28, 2026
ElementsKit Elementor addons (CVE-2026-49052) , May 28, 2026