CVE-2025-11560
12.11.2025, 06:15
The Team Members Showcase WordPress plugin before 3.5.0 does not sanitize and escape a parameter before outputting it back in the page, leading to reflected cross-site scripting, which could be used against high-privilege users such as admins.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.