CVE-2021-24128

CVE-2021-24128: Team Members < 5.0.4 - Authenticated Stored Cross-Site Scripting (XSS)

Vendor Unknown
Product Team Members
Weakness CWE-79 · XSS
Published March 18, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML via the 'Description/biography' of a member.

Key dates

02Disclosure timeline

March 18, 2021 CVE published
August 3, 2024 Record updated