Search Results (3 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-12114 2 Wordpress, Wpmart 2 Wordpress, Team Members – Multi Language Supported Team Plugin 2026-07-01 4.4 Medium
The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVE-2025-68060 2 Wordpress, Wpmart 2 Wordpress, Team Member 2026-05-07 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMart Team Member allows Blind SQL Injection. This issue affects Team Member: from n/a through 8.5.
CVE-2023-23647 1 Wpmart 1 Team Member - Team With Slider 2025-01-09 5.9 Medium
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Team Member – Team with Slider plugin <= 4.4 versions.