CVE-2021-24128

Name of the Vulnerable Software and Affected Versions: Team Members WordPress plugin versions prior to 5.0.4

Description: The issue arises from unvalidated input and a lack of output encoding, leading to cross-site scripting vulnerabilities. This allows a medium-privileged authenticated attacker, with contributor or higher privileges, to inject arbitrary web script or HTML via the Description/biography of a member.

Recommendations: For versions prior to 5.0.4, update to version 5.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Description/biography field for members to minimize the risk of exploitation.