Cross-site Scripting Vulnerability in Team Showcase by Themepoints
CVE-2025-69335

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Team Showcase
Vendor: CVE Published:; 6 January 2026

What is CVE-2025-69335?

The Team Showcase plugin by Themepoints contains a vulnerability that permits stored Cross-site Scripting (XSS) attacks, which could allow an attacker to inject malicious scripts. This vulnerability arises from improper input neutralization during web page generation. Versions of the plugin up to 2.9 are susceptible, leading to potential exposure of user data and administrative actions being compromised. Users are advised to update to the latest version to safeguard against this security threat.

Affected Version(s)

Team Showcase <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/team...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 6, 2026
Vulnerability Reserved
Dec 31, 2025

Credit

Muhammad Yudha - DJ | Patchstack Bug Bounty Program

JSON