Team <= 1.2.6 – Contributor+ Stored Cross-Site Scripting | CVE 2022-34650

Affects Plugins

adl-team

No known fix

References

CVE

CVE-2022-34650

CVE

CVE-2022-34853

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.8 (medium)

Miscellaneous

Original Researcher

Ngo Van Thien, m0ze

Verified

No

WPVDB ID

611b04ec-84eb-4363-ac7e-50207785544a

Timeline

Publicly Published

2022-07-07 (about 3 years ago)

Added

2022-07-25 (about 3 years ago)

Last Updated

2022-08-25 (about 3 years ago)

Other

Published

Title

Published

2026-01-13

Title

Kunze Law <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2024-05-28

Title

HUSKY – Products Filter Professional for WooCommerce < 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Published

2025-10-03

Title

Contest Gallery – Upload, Vote & Sell with PayPal and Stripe < 27.0.3 - Authenticated (Author+) Stored Cross-Site Scripting

Published

2023-02-02

Title

WP htpasswd <= 1.7 - Admin+ Stored XSS

Published

2026-01-10

Title

TheGem Theme Elements (for Elementor) < 5.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting