CVE-2025-62745 PUBLISHED

WordPress Team Showcase plugin <= 1.22.28 - Cross Site Scripting (XSS) vulnerability

Assigner: Patchstack
Reserved: 21.10.2025 Published: 25.05.2026 Updated: 26.05.2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Stored XSS.

This issue affects Team Showcase: from n/a through 1.22.28.

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
CVSS Score: 6.5

CVSS 3.1

Vendor	PickPlugins
Product	Team Showcase
Versions	Default: unaffected affected from n/a to 1.22.28 (incl.)

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE