Vulnerabilities and security researches forteam team

Jun 06, 2024

CVE, Research URL: CVE-2020-35937
Home page URL: Security reports for Team Showcase
Application: Team Showcase
Date: Jan 01, 2021
Research Description: Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2020-35936
Home page URL: Security reports for Team Showcase
Application: Team Showcase
Date: Jan 01, 2021
Research Description: Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2020-35939
Home page URL: Security reports for Team Showcase
Application: Team Showcase
Date: Jan 01, 2021
Research Description: PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts.
Affected versions: Min -, max -.
Status: vulnerable

Aug 20, 2024

CVE, Research URL: CVE-2024-43321
Home page URL: Security reports for Team Showcase
Application: Team Showcase
Date: Aug 18, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Stored XSS.This issue affects Team Showcase: from n/a through 1.22.23.
Affected versions: Min -, max -.
Status: vulnerable

Sep 19, 2024

CVE, Research URL: CVE-2024-44002
Home page URL: Security reports for Team Showcase
Application: Team Showcase
Date: Sep 18, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Reflected XSS.This issue affects Team Showcase: from n/a through 1.22.25.
Affected versions: Min -, max -.
Status: vulnerable