Cross-site Scripting Vulnerability in Team Showcase by PickPlugins
CVE-2025-62745

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Team Showcase
Vendor: CVE Published:; 25 May 2026

What is CVE-2025-62745?

A Cross-site Scripting (XSS) vulnerability exists in the Team Showcase plugin from PickPlugins, which allows for the storage and execution of malicious scripts. This issue arises from improper handling of user input in web page generation, posing risks of unwanted script execution in users' browsers. The vulnerability affects all versions of Team Showcase up to and including 1.22.28, potentially compromising the safety and integrity of users' data.

Affected Version(s)

Team Showcase <= 1.22.28

References

https://patchstack.com/database/wordpress/plugin/team/vul...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 25, 2026
Vulnerability Reserved
Oct 21, 2025

Credit

Muhammad Yudha - DJ | Patchstack Bug Bounty Program

CVE-2025-62745 Data

JSON