CVE-2025-11560

The Team Members Showcase WordPress plugin before 3.5.0 does not sanitize and escape a parameter before outputting it back in the page, leading to reflected cross-site scripting, which could be used against high-privilege users such as admins...

PT-2022-13845 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 6.4.x and earlier Description: The issue is related to insecure plugin handling in Mattermost, where the software fails to properly check the plugin version when a plugin is installed from the Marketplace. This allows an...