Code Injection Vulnerability in Team Showcase by cmoreira
CVE-2025-49250

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Team Showcase
Vendor: CVE Published:; 6 June 2025

What is CVE-2025-49250?

The cmoreira Team Showcase plugin for WordPress is susceptible to a code injection vulnerability that allows unauthorized code execution, potentially compromising the security of websites utilizing the plugin. This vulnerability can be exploited by injecting malicious code, thereby allowing attackers to manipulate the site's functionalities. Users are advised to promptly check and update their plugin to safeguard against this security threat.

Affected Version(s)

Team Showcase < 25.05.13

References

https://patchstack.com/database/wordpress/plugin/team-sho...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2025
Vulnerability Reserved
Jun 4, 2025

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)