MEDIUM
adnanmoqsood
CVE published 2026-05-27
CVE-2026-8870
A stored cross-site scripting (XSS) vulnerability exists in the Team Master – A Modern WordPress Team Showcase plugin for WordPress. The flaw stems from insufficient input sanitization and output escaping within shortcode attributes, allowing authenticated attackers with contributor-level access or higher to inject arbitrary web scripts. These scripts execute when any user accesses a page containing the i [truncated]