Skip to main content

Team

5 CVEs product

Monthly

CVE-2026-25026 HIGH This Week

A missing authorization vulnerability exists in RadiusTheme Team plugin (versions up to 5.0.11) that allows attackers to exploit incorrectly configured access control security levels. This broken access control issue (CWE-862) enables unauthorized users to access or manipulate resources they should not have permission to access. The vulnerability affects the WordPress plugin tlp-team and has been documented by Patchstack as an authentication bypass vector, though no CVSS score, EPSS probability, or KEV status is currently available to assess active exploitation.

Authentication Bypass Team
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-32396 MEDIUM This Month

RadiusTheme Team versions up to 5.0.13 contain an access control misconfiguration that allows unauthenticated remote attackers to modify data through improper authorization checks. The vulnerability enables integrity compromise without requiring authentication or user interaction, affecting all installations running the affected version range. No patch is currently available.

Authentication Bypass Team
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-13439 MEDIUM PATCH This Month

The Team - Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Team
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-34853 MEDIUM This Month

Multiple Authenticated (contributor or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Team
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-34650 MEDIUM This Month

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Team
NVD
CVSS 3.1
5.4
EPSS
0.5%
EPSS 0% CVSS 7.5
HIGH This Week

A missing authorization vulnerability exists in RadiusTheme Team plugin (versions up to 5.0.11) that allows attackers to exploit incorrectly configured access control security levels. This broken access control issue (CWE-862) enables unauthorized users to access or manipulate resources they should not have permission to access. The vulnerability affects the WordPress plugin tlp-team and has been documented by Patchstack as an authentication bypass vector, though no CVSS score, EPSS probability, or KEV status is currently available to assess active exploitation.

Authentication Bypass Team
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

RadiusTheme Team versions up to 5.0.13 contain an access control misconfiguration that allows unauthenticated remote attackers to modify data through improper authorization checks. The vulnerability enables integrity compromise without requiring authentication or user interaction, affecting all installations running the affected version range. No patch is currently available.

Authentication Bypass Team
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Team - Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Team
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Multiple Authenticated (contributor or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Team
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Team
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy