cleantalk
Vulnerabilities and Security Researches

Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More, 3b5dd4360c9d2bd00a44ffddd312b99fad00f12e

Published on
Nov 22, 2023
Research Description
Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More [gs-team-members] < 2.2.4

GS Team Members <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 2.2.4.
Status
vulnerable