WordPress Team Members Showcase plugin cross-site scripting vulnerability

WordPress Team Members Showcase plugin is a tool for displaying team members' information on your WordPress site, supporting multiple layouts e.g., grids, sliders, tables, lists, etc. and providing filtering, popups, paging, and more. A cross-site scripting vulnerability exists in the WordPress...

CVE-2025-11560

The Team Members Showcase WordPress plugin before 3.5.0 does not sanitize and escape a parameter before outputting it back in the page, leading to reflected cross-site scripting, which could be used against high-privilege users such as admins...

EUVD-2025-119995

The Team Members Showcase WordPress plugin before 3.5.0 does not sanitize and escape a parameter before outputting it back in the page, leading to reflected cross-site scripting, which could be used against high-privilege users such as admins...

CVE-2025-11560

The Team Members Showcase WordPress plugin before 3.5.0 does not sanitize and escape a parameter before outputting it back in the page, leading to reflected cross-site scripting, which could be used against high-privilege users such as admins...

CVE-2025-11560 Team Members Showcase < 3.5.0 - Reflected XSS

The Team Members Showcase WordPress plugin before 3.5.0 does not sanitize and escape a parameter before outputting it back in the page, leading to reflected cross-site scripting, which could be used against high-privilege users such as admins...

CVE-2025-11560

CVE-2025-11560 — Concrete details exist for the WordPress plugin. The affected software is the Team Members Showcase WordPress plugin (versions before 3.5.0; e.g., ≤3.4.0). The root cause is a lack of sanitization/escaping of a parameter before outputting it on the page, causing a reflected cross...

CVE-2025-11560 Team Members Showcase < 3.5.0 - Reflected XSS

The Team Members Showcase WordPress plugin before 3.5.0 does not sanitize and escape a parameter before outputting it back in the page, leading to reflected cross-site scripting, which could be used against high-privilege users such as admins...

WordPress plugin Team Members Showcase 安全漏洞

WordPress Team Members Showcase plugin is a tool for displaying team members' information on your WordPress site, supporting multiple layouts e.g., grids, sliders, tables, lists, etc. and providing filtering, popups, paging, and more. A cross-site scripting vulnerability exists in the WordPress...

PT-2025-46567

Name of the Vulnerable Software and Affected Versions Team Members Showcase WordPress plugin versions prior to 3.5.0 Description The software does not properly sanitize and escape a parameter before displaying it on a page, creating a reflected cross-site scripting condition. This could potential...

EUVD-2023-37178

Malicious code in bioql PyPI...

CVE-2024-13439 Team – Team Members Showcase Plugin <= 4.4.9 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The Team – Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response function in all versions up to, and including, 4.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

PT-2025-6546 · WordPress · Team Members Showcase Plugin

Name of the Vulnerable Software and Affected Versions: The Team – Team Members Showcase Plugin plugin for WordPress versions up to, and including, 4.4.9 Description: The issue is related to unauthorized access due to a missing capability check on the response function. This allows authenticated...

CVE-2023-32957

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Dazzlersoft Team Members Showcase plugin = 1.3.4 versions...

CVE-2023-32957

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Dazzlersoft Team Members Showcase plugin = 1.3.4 versions...

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Dazzlersoft Team Members Showcase plugin = 1.3.4 versions...

CVE-2023-32957

CVE-2023-32957 concerns the WordPress plugin Team Members Showcase by Dazzlersoft, affected in versions &lt;= 1.3.4. The vulnerability is an authenticated Stored Cross-Site Scripting (XSS) flaw, exploitable by an administrator or higher privileges via admin settings. Multiple sources corroborate ...

WordPress Plugin Team Members Showcase Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress Team Members Showcase Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Team Members Showcase Type Plugin Vulnerable versions = 1.3.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32957 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8f4be40a02eb Credits Emili Castells...

WordPress Team Members Showcase < 4.1.2 - Subscriber+ Arbitrary File Read and Deletion

The plugin contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the user...