cleantalk
Vulnerabilities and Security Researches

Team Master – A Modern WordPress Team Showcase, CVE-2026-8870

CVE, Research URL

CVE-2026-8870

Home page URL

Security reports for Team Master – A Modern WordPress Team Showcase

Application

Team Master – A Modern WordPress Team Showcase

Published on
May 27, 2026
Research Description
The Team Master – A Modern WordPress Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.1.2.
Status
vulnerable
Previous vulnerability researches
Sunshine Photo Cart: Free Client Galleries for Photographers (CVE-2026-39564) , Apr 14, 2026
Sunshine Photo Cart: Free Client Galleries for Photographers (CVE-2024-44038) , Sep 28, 2024
Sunshine Photo Cart: Free Client Galleries for Photographers (CVE-2026-24994) , Feb 28, 2026
Sunshine Photo Cart: Free Client Galleries for Photographers (CVE-2025-67973) , Feb 28, 2026
Sunshine Photo Cart: Free Client Galleries for Photographers (CVE-2024-43971) , Sep 01, 2024
New vulnerability
PDF Embedder (CVE-2026-7526) , May 28, 2026
Mutual Funds Data (CVE-2026-8869) , May 28, 2026
CDN Linker lite (CVE-2026-8941) , May 28, 2026
Team Master – A Modern WordPress Team Showcase (CVE-2026-8870) , May 28, 2026
Animate Your Content (CVE-2026-8872) , May 28, 2026