PT-2026-1214 · WordPress · Team Wordpress

Alex Tselevich · Published 2026-01-05 · Updated 2026-04-14 · CVE-2025-14124

CVSS v3.1: 8.6 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

The Team WordPress plugin versions prior to 5.0.11

Description

The Team WordPress plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action. This allows unauthenticated users to potentially perform SQL injection attacks. The issue stems from insufficient input validation before the data is used within a SQL query. The vulnerable action is accessible through an AJAX request, and because the parameter is not adequately sanitized, malicious SQL can potentially be executed.

Recommendations

Update The Team WordPress plugin to version 5.0.11 or later.

Related Identifiers

CVE-2025-14124

Affected Products

Team Wordpress