CVE-2021-24128: XSS
First published: Thu Mar 18 2021(Updated: )
Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML via the 'Description/biography' of a member.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wpdarko Team Members | <5.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the Team Members WordPress plugin?
The vulnerability ID for the Team Members WordPress plugin is CVE-2021-24128.
What is the impact of the CVE-2021-24128 vulnerability?
The CVE-2021-24128 vulnerability in the Team Members WordPress plugin allows a medium-privileged authenticated attacker to inject arbitrary web script or HTML.
What is the severity level of the CVE-2021-24128 vulnerability?
The severity level of the CVE-2021-24128 vulnerability is medium with a CVSS score of 5.4.
Which versions of the Team Members WordPress plugin are affected by the CVE-2021-24128 vulnerability?
The CVE-2021-24128 vulnerability affects versions of the Team Members WordPress plugin before 5.0.4.
How can the CVE-2021-24128 vulnerability be fixed?
To fix the CVE-2021-24128 vulnerability, update the Team Members WordPress plugin to version 5.0.4 or later.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/references
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/wpdarko
- canonical/wpdarko team members