Primary

Context

WordPress Team Showcase Plugin Code Injection Vulnerability

Vulnerability

A code injection vulnerability has been identified in the WordPress Team Showcase plugin, specifically in versions prior to 25.05.13. This vulnerability allows for arbitrary execution of injected code, which could be exploited to execute malicious shortcodes on the affected website.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution via injected shortcodes, potentially allowing attackers to manipulate website content or introduce malicious elements, such as phishing pages.

Remediation

Users of the WordPress Team Showcase plugin should update to version 25.05.13 or later to address this vulnerability. Patchstack users can enable auto-update for vulnerable plugins.

Added: Jun 6, 2025, 1:57 PM

Updated: Jun 6, 2025, 4:12 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

5.2

remediation

7.7

relevance

0.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

5.2

remediation

7.7

relevance

0.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WordPress Team Showcase Plugin Code Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating