CVE-2022-3936
Summary
The Team Members WordPress plugin before 5.2.1 does not sanitize and escapes some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).
- LOW
- NETWORK
- LOW
- CHANGED
- REQUIRED
- HIGH
- LOW
- NONE
References
Advisory Timeline
- Published