CVE-2025-62745 WordPress Team Showcase plugin <= 1.22.28 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Team Showcase allows Stored XSS. This issue affects Team Showcase: from n/a through 1.22.28...

WordPress Team Showcase plugin <= 2.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Team Showcase versions = 2.9...

EUVD-2020-23522

Malware in sbrugna...

WordPress plugin Team Showcase 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A code injection vulnerability exists in WordPress...

CVE-2023-5639

The Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tmfshortcode' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2020-35937

Stored Cross-Site Scripting XSS vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...

CVE-2020-35939

PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action mus...

WordPress Team Showcase plugin <= 1.22.25 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Team Showcase versions = 1.22.25...

WordPress Team Showcase plugin <= 1.22.23 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Team Showcase versions = 1.22.23...

Cross site scripting

The Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tmfshortcode' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2023-5639

CVE-2023-5639 affects the WordPress plugin Team Showcase. The vulnerability is a Stored XSS via the plugin shortcode tmfshortcode in all versions up to 2.1 due to insufficient input sanitization and output escaping on user attributes. Exploitation requires an authenticated attacker with contribut...

CVE-2020-35939

PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action mus...

CVE-2020-35937

Stored Cross-Site Scripting XSS vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...

CVE-2020-35939

CVE-2020-35939 affects the Team Showcase plugin for WordPress (and related Post Grid/Team Showcase context) with PHP Object Injection via insecure unserialization in the source parameter over AJAX when action=team_import_xml_layouts. It requires authentication (remote authenticated attacker) and ...

CVE-2020-35939

PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action mus...

CVE-2020-35937

CVE-2020-35937 affects the WordPress Post Grid/Team Showcase plugin: stored XSS in Team Showcase before 1.22.16 via AJAX import of layouts (team_import_xml_layouts) where the source parameter can carry crafted JavaScript. Requires authenticated access; impact is partial confidentiality/integrity/...

CVE-2020-35937

Stored Cross-Site Scripting XSS vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...

WordPress Team Showcase plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Team Showcase plugin before 1.22.16 for WordPress...