CVE-2022-1568: Team Members < 5.1.1 - Admin+ Stored Cross-Site Scripting
First published: Mon May 30 2022(Updated: )
The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wpdarko Team Members | <5.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-1568?
The severity of CVE-2022-1568 is medium with a severity value of 4.8.
How does CVE-2022-1568 affect the Team Members WordPress plugin?
CVE-2022-1568 affects the Team Members WordPress plugin before version 5.1.1.
What is the vulnerability type of CVE-2022-1568?
The vulnerability type of CVE-2022-1568 is Cross-Site Scripting (XSS).
Can high privilege users exploit CVE-2022-1568?
Yes, high privilege users such as admin can exploit CVE-2022-1568 to perform Cross-Site Scripting attacks.
Is there a fix available for CVE-2022-1568?
Yes, upgrading to version 5.1.1 of the Team Members WordPress plugin fixes CVE-2022-1568.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/title
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- agent/source
- vendor/wpdarko
- canonical/wpdarko team members