Skip to main content

Team Members Multi Language Supported Team Plugin

1 CVEs product

Monthly

CVE-2026-12114 MEDIUM This Month

Persistent script injection in the Team Members - Multi Language Supported Team Plugin for WordPress (all versions through 8.7) enables authenticated administrators to embed malicious JavaScript into site pages via insufficient sanitization and escaping in admin settings fields, with injected payloads executing silently for every subsequent page visitor. The vulnerability is constrained to two non-default deployment scenarios: WordPress multisite network installations and single-site installations where the unfiltered_html capability has been explicitly revoked from administrators - standard single-site installs are unaffected. No active exploitation has been confirmed (not in CISA KEV) and no public proof-of-concept exists, placing real-world risk well below what the scope-changed CVSS vector might initially suggest.

WordPress XSS Team Members Multi Language Supported Team Plugin
NVD
CVSS 3.1
4.4
EPSS
0.2%
EPSS 0% CVSS 4.4
MEDIUM This Month

Persistent script injection in the Team Members - Multi Language Supported Team Plugin for WordPress (all versions through 8.7) enables authenticated administrators to embed malicious JavaScript into site pages via insufficient sanitization and escaping in admin settings fields, with injected payloads executing silently for every subsequent page visitor. The vulnerability is constrained to two non-default deployment scenarios: WordPress multisite network installations and single-site installations where the unfiltered_html capability has been explicitly revoked from administrators - standard single-site installs are unaffected. No active exploitation has been confirmed (not in CISA KEV) and no public proof-of-concept exists, placing real-world risk well below what the scope-changed CVSS vector might initially suggest.

WordPress XSS Team Members Multi Language Supported Team Plugin
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy