VYPR

Team WordPress plugin

by WordPress

CVEs (2)

  • CVE-2022-2557HigAug 22, 2022
    risk 0.57cvss 8.8epss 0.01

    The Team WordPress plugin before 4.1.2 contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the user

  • CVE-2024-10223MedOct 30, 2024
    risk 0.35cvss 6.4epss 0.00

    The WP Team – WordPress Team Member Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's htteamember shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied…