cleantalk
Vulnerabilities and Security Researches

Team Member Showcase Staff List Plugin – Employee Spotlight, CVE-2025-12090

CVE, Research URL

CVE-2025-12090

Home page URL

Security reports for Team Member Showcase Staff List Plugin – Employee Spotlight

Application

Team Member Showcase Staff List Plugin – Employee Spotlight

Published on
Nov 01, 2025
Research Description
The Employee Spotlight – Team Member Showcase & Meet the Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Social URLs in all versions up to, and including, 5.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 5.1.3.
Status
vulnerable
Previous vulnerability researches
WP Statistics (CVE-2025-9816) , Nov 10, 2025
WP Statistics , May 27, 2025
WP Statistics (CVE-2025-55716) , Aug 16, 2025
WP Statistics (CVE-2022-25149) , Jun 07, 2024
WP Statistics (CVE-2022-25307) , Jun 07, 2024
New vulnerability
Premmerce Wholesale Pricing for WooCommerce (CVE-2025-64285) , Nov 11, 2025
Premmerce Wholesale Pricing for WooCommerce (CVE-2025-60192) , Nov 11, 2025
Footnotes Made Easy (CVE-2025-11733) , Nov 11, 2025
CoSchedule (CVE-2025-49913) , Nov 11, 2025
Simple Finance Calculator (CVE-2025-60246) , Nov 11, 2025