Reflected XSS Vulnerability in Team Showcase Affects Versions n/a to 1.22.25
CVE-2024-44002

7.1 HIGH

Key Information:

Vendor: WordPress
CVE Published: 18 September 2024

What is CVE-2024-44002?

A Cross-site Scripting (XSS) vulnerability has been identified in the Team Showcase plugin developed by PickPlugins. This security issue arises from improper handling of user input during web page generation, allowing attackers to execute malicious scripts in the context of users' browsers. This can lead to unauthorized actions and data exposure. The vulnerability affects all versions of Team Showcase from the inception of the plugin up to version 1.22.25. It is crucial for website administrators using this plugin to take immediate action to secure their installations and protect their users from potential exploitation.

Affected Version(s)

Team Showcase 0 <= 1.22.25

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published
