Team
Monthly
A missing authorization vulnerability exists in RadiusTheme Team plugin (versions up to 5.0.11) that allows attackers to exploit incorrectly configured access control security levels. This broken access control issue (CWE-862) enables unauthorized users to access or manipulate resources they should not have permission to access. The vulnerability affects the WordPress plugin tlp-team and has been documented by Patchstack as an authentication bypass vector, though no CVSS score, EPSS probability, or KEV status is currently available to assess active exploitation.
RadiusTheme Team versions up to 5.0.13 contain an access control misconfiguration that allows unauthenticated remote attackers to modify data through improper authorization checks. The vulnerability enables integrity compromise without requiring authentication or user interaction, affecting all installations running the affected version range. No patch is currently available.
The Team - Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Multiple Authenticated (contributor or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A missing authorization vulnerability exists in RadiusTheme Team plugin (versions up to 5.0.11) that allows attackers to exploit incorrectly configured access control security levels. This broken access control issue (CWE-862) enables unauthorized users to access or manipulate resources they should not have permission to access. The vulnerability affects the WordPress plugin tlp-team and has been documented by Patchstack as an authentication bypass vector, though no CVSS score, EPSS probability, or KEV status is currently available to assess active exploitation.
RadiusTheme Team versions up to 5.0.13 contain an access control misconfiguration that allows unauthenticated remote attackers to modify data through improper authorization checks. The vulnerability enables integrity compromise without requiring authentication or user interaction, affecting all installations running the affected version range. No patch is currently available.
The Team - Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Multiple Authenticated (contributor or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.