Employee Spotlight WordPress Plugin Missing Authorization Vulnerability in Tracking Opt-In/Out Modification

Vulnerability

The Employee Spotlight (Team Member Showcase & Meet the Team) WordPress plugin, in all versions up to and including 5.1.3, performs no authorization check in the 'employee_spotlight_check_optin()' function before it modifies the plugin's tracking setting. Any authenticated user with Subscriber-level access or higher can therefore reach this handler and enable or disable tracking opt-in for the whole site.
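The bug class described above, shown as an added illustration that is not the plugin's own code: a WordPress admin-ajax handler that writes a site-wide option without checking the caller's capability or a request nonce, beside a hardened version of the same handler. The option name, nonce action, script handle and the example function names are assumptions made for this illustration; only the name 'employee_spotlight_check_optin()' comes from the advisory, and the bodies below do not reproduce the plugin's actual implementation.

```php
<?php
// Added illustration, not the plugin's code. Option name, nonce action,
// script handle and function names are assumptions for the example.

// Vulnerable pattern: every wp_ajax_* hook is reachable by any logged-in user
// (Subscriber included), and this handler changes a site-wide setting based
// solely on request input. Shown for contrast only.
function example_check_optin_vulnerable() {
    $optin = isset( $_POST['optin'] ) ? sanitize_text_field( wp_unslash( $_POST['optin'] ) ) : 'no';
    update_option( 'example_tracking_optin', 'yes' === $optin ? 'yes' : 'no' );
    wp_send_json_success( array( 'optin' => get_option( 'example_tracking_optin' ) ) );
}
add_action( 'wp_ajax_example_check_optin', 'example_check_optin_vulnerable' );

// Hardened pattern: verify a nonce bound to this action (blocks CSRF) and
// require a capability only administrators hold (authorization) before writing.
function example_check_optin_hardened() {
    // Ends the request with a 403 if the 'nonce' field is missing or invalid.
    check_ajax_referer( 'example_tracking_optin_nonce', 'nonce' );

    // The actual fix for a missing-authorization bug: a capability check.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $optin = isset( $_POST['optin'] ) ? sanitize_text_field( wp_unslash( $_POST['optin'] ) ) : 'no';
    update_option( 'example_tracking_optin', 'yes' === $optin ? 'yes' : 'no' );
    wp_send_json_success( array( 'optin' => get_option( 'example_tracking_optin' ) ) );
}
add_action( 'wp_ajax_example_check_optin_hardened', 'example_check_optin_hardened' );

// The nonce the hardened handler expects is issued server-side to the admin
// page that hosts the opt-in control and sent back in the 'nonce' POST field.
function example_enqueue_optin_script() {
    wp_enqueue_script( 'example-optin', plugins_url( 'optin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-optin', 'exampleOptin', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_tracking_optin_nonce' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_optin_script' );
```

The nonce check alone would not close this class of bug: a nonce proves the request originated from a page WordPress rendered for that user, not that the user is allowed to change the setting, and a Subscriber can obtain one if the issuing page is reachable. The capability check is the part that addresses the missing authorization; the nonce is the companion CSRF control.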

Impact

Exploitation allows a low-privileged authenticated user to change the site's tracking opt-in or opt-out state without authorization, overriding the preference the site owner set on whether plugin usage data is collected.

Remediation

Update the plugin to version 5.1.4 or a later patched release.

Added: Dec 13, 2025, 5:15 PM
Updated: Dec 13, 2025, 5:15 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 5.9
remediation: 7.7
relevance: 1.5
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.