VYPR

Team

by WordPress

Source repositories

CVEs (10)

  • CVE-2025-14124HigJan 5, 2026
    risk 0.56cvss 8.6epss 0.02

    The Team WordPress plugin before 5.0.11 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

  • CVE-2018-25162MedMar 6, 2026
    risk 0.42cvss 6.5epss 0.00

    2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. Attackers can upload PHP files through the userfile1 parameter with action=upload, which are…

  • CVE-2024-43321MedAug 18, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Stored XSS.This issue affects Team Showcase: from n/a through 1.22.23.

  • CVE-2026-43234MedMay 6, 2026
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: team: avoid NETDEV_CHANGEMTU event when unregistering slave syzbot is reporting unregister_netdevice: waiting for netdevsim0 to become free. Usage count = 3 ref_tracker: netdev@ffff88807dcf8618 has 1/2…

  • CVE-2025-68340Dec 23, 2025
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: team: Move team device type change at the end of team_port_add Attempting to add a port device that is already up will expectedly fail, but not before modifying the team device header_ops. In the case of the…

  • CVE-2024-9236May 15, 2025
    risk 0.00cvss epss 0.00

    The Team WordPress plugin before 4.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

  • CVE-2024-13439Feb 15, 2025
    risk 0.00cvss epss 0.00

    The Team – Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 4.4.9. This makes it possible for authenticated attackers, with Subscriber-level…

  • CVE-2024-9923Oct 14, 2024
    risk 0.00cvss epss 0.01

    The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them.

  • CVE-2024-9922Oct 14, 2024
    risk 0.00cvss epss 0.01

    The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.

  • CVE-2024-9921Oct 14, 2024
    risk 0.00cvss epss 0.01

    The Team+ from TEAMPLUS TECHNOLOGY does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents.