Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Team Showcase 2.1

  • Severity: medium-risk
  • Status: Fixed
  • Publication: October 18, 2023

The Team Showcase plugin for WordPress is vulnerable to a type of attack called Stored Cross-Site Scripting. This attack allows malicious users with contributor-level and higher permissions to inject scripts into pages in WordPress. These scripts will run every time a user visits the page, allowing the malicious user to do things like steal or change information, interfere with the page’s display, and more. The vulnerability exists in all versions of the plugin up to and including version 2.1 because the plugin does not properly check user input or protect the output.

Detected in:

Team Showcase fixed vulnerable versions: >= * <= 2.1
Team Showcase – Responsive Team Members Grid, Slider & Carousel Plugin fixed vulnerable versions:
Team Showcase – Responsive Team Members Grid, Slider, and Carousel Plugin fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.