PT-2025-51044

The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking settings modification due to missing authorization validation on the employee spotlight check optin function in all versions up to, and including, 5.1.3. This makes it possibl...

CVE-2025-12090

The Employee Spotlight – Team Member Showcase & Meet the Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Social URLs in all versions up to, and including, 5.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

EUVD-2025-37423

The Employee Spotlight – Team Member Showcase & Meet the Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Social URLs in all versions up to, and including, 5.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-12090 Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Employee Spotlight – Team Member Showcase & Meet the Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Social URLs in all versions up to, and including, 5.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-12090

CVE-2025-12090 : WordPress plugin Employee Spotlight – Team Member Showcase & Meet the Team prior to 5.1.3 is vulnerable to Stored Cross-Site Scripting via Social URLs. Exploitation requires authenticated access at least at the Contributor level; attackers can inject scripts that run when users v...

PT-2025-44712

Name of the Vulnerable Software and Affected Versions Employee Spotlight – Team Member Showcase & Meet the Team Plugin versions prior to 5.1.3 Description The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is susceptible to Stored Cross-Site Scripting through Socia...

EUVD-2014-4479

Malware in sbrugna...

WordPress Employee Spotlight plugin <= 5.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Employee Spotlight versions = 5.1.0...

CVE-2025-39498 WordPress Spotlight - Social Media Feeds (Premium) plugin <= 1.7.1 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Spotlight Spotlight - Social Media Feeds Premium allows Retrieve Embedded Sensitive Data.This issue affects Spotlight - Social Media Feeds Premium: from n/a through 1.7.1...

CVE-2014-4552

Cross-site scripting XSS vulnerability in library/includes/payment/paypalexpress/DoDirectPayment.php in the Spotlight spotlightyour plugin 4.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the paymentType parameter...

CVE-2014-4552

CVE-2014-4552 describes a cross-site scripting (XSS) vulnerability in the Spotlight WordPress plugin (

CVE-2014-4552

Cross-site scripting XSS vulnerability in library/includes/payment/paypalexpress/DoDirectPayment.php in the Spotlight spotlightyour plugin 4.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the paymentType parameter...

WordPress Spotlight Plugin <= 4.7 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "paymentType" parameter. Solution Update the plugin...