Team Showcase
Approved changes feed: RSS · Atom
cpe:2.3:a:pickplugins:team_showcase:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Pickplugins (03c448d6-40a7-5ce8-8d7e-bbbe6a0aa644) |
|---|---|
| Product | Team Showcase (e7b944e1-092d-5b60-8752-9c0ea37445f0) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-44002 |
vulnerable | 2026-06-03 14:56:47.226759 |
WordPress Team Showcase plugin <= 1.22.25 - Reflected Cross Site Scripting (XSS) vulnerability
HIGH (7.1)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Team Showcase team allows Reflected XSS.This issue affects Team Showcase: from n/a through <= 1.22.25.
Published: 2024-09-17T23:12:03.050Z
Updated: 2026-04-28T16:10:15.774Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-35939 |
vulnerable | 2026-06-03 14:42:32.925330 |
Details available
HIGH (7.5)
PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts.
Published: 2021-01-01T01:25:47.000Z
Updated: 2024-08-04T17:16:13.461Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-35938 |
vulnerable | 2026-06-03 14:42:32.924988 |
Details available
HIGH (7.5)
PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts.
Published: 2021-01-01T01:25:40.000Z
Updated: 2024-08-04T17:16:13.401Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-35937 |
vulnerable | 2026-06-03 14:42:32.924632 |
Details available
HIGH (7.5)
Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts.
Published: 2021-01-01T01:25:32.000Z
Updated: 2024-08-04T17:16:13.421Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-35936 |
vulnerable | 2026-06-03 14:42:32.924150 |
Details available
HIGH (7.5)
Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts.
Published: 2021-01-01T01:25:23.000Z
Updated: 2024-08-04T17:16:13.449Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.