Stored Cross-Site Scripting Vulnerability in Team Section Block Plugin for WordPress
CVE-2026-0833

6.4MEDIUM

Key Information:

Vendor

WordPress
Status
Team Section Block – Showcase Team Members With Layout Options
Vendor
CVE Published:
17 January 2026

What is CVE-2026-0833?

The Team Section Block plugin for WordPress is affected by a vulnerability that allows attackers with Contributor-level access or higher to perform Stored Cross-Site Scripting (XSS). The issue arises from inadequate input sanitization and output escaping on user-provided social network URLs. This vulnerability enables the execution of malicious scripts when a user visits an injected page, posing severe risks to site security and user data integrity. Users are encouraged to upgrade to the latest version to mitigate this risk.

Affected Version(s)

Team Section Block – Showcase Team Members with Layout Options * <= 2.0.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/team-section/t...
https://plugins.trac.wordpress.org/browser/team-section/t...

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Athiwat Tiprasaharn
JSON
.