Threat Entry Updated 2025-12-15

CVE-2025-13403 - Meet The Team Plugin

The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking settings modification due to missing authorization validation on the employee_spotlight_check_optin() function in all versions up to, and including, 5.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable or disable tracking settings.

PLUGIN Meet The Team

CVE-2025-13403

MEDIUM CVSS 5.3 2025-12-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-11-04

CVE-2025-12090 - Meet The Team Plugin

The Employee Spotlight – Team Member Showcase & Meet the Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Social URLs in all versions up to, and including, 5.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Meet The Team

CVE-2025-12090

MEDIUM CVSS 6.4 2025-11-01

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-02-21

CVE-2024-13687 - Meet The Team Plugin

The Team Builder – Meet the Team plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_team_builder_options() function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.

PLUGIN Meet The Team

CVE-2024-13687

MEDIUM CVSS 4.3 2025-02-18

Risk Score

Open Full Technical Breakdown