cleantalk
Vulnerabilities and Security Researches

Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More, 1c2d20b2-12c7-44b9-9bb2-005ef81f8d10

CVE, Research URL

1c2d20b2-12c7-44b9-9bb2-005ef81f8d10

Home page URL

Security reports for Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More

Application

Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More

Published on
-
Research Description
Team Members &#8211; A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More [gs-team-members] < 2.2.4 GS Team Members &lt; 2.2.4 - Contributor+ Stored XSS The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin
Affected versions
max 2.2.4.
Status
vulnerable
Previous vulnerability researches
WordPress Connect (feaf7c04-4991-4c34-bfbf-d849a9e38599) , Jun 16, 2026
WordPress Connect (5b2d1beeae1454c4c4f60eac4f084fd504540b28) , Jun 16, 2026
WordPress Connect (b326cdbf2040aa8eeb688f951965600d9b290062) , Jun 06, 2024
New vulnerability
WP Attachment Export (d701aac7e487f87dedd3707d46ee92d11bf562fb) , Jun 16, 2026
Alley Business Toolkit (87154e111b969556cb336890f4d16d5782634526) , Jun 16, 2026
Alley Business Toolkit (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
Copy or Move Comments (d65776e8-5383-4b0a-82f6-c53751ea882c) , Jun 16, 2026
Copy or Move Comments (24f8cdac9228df7523d58ed6ae2a9ef029ffe0ea) , Jun 16, 2026