Employee Spotlight – Team Member Showcase & Meet the Team Plugin Security & Risk Analysis

wordpress.org/plugins/employee-spotlight

Showcase your team with beautiful, responsive layouts: grid, carousel, cards, and more. Perfect for meet-the-team pages and employee highlights.

400 active installs v5.1.5 PHP + WP 4.5+ Updated Feb 25, 2026
employee-profiles, staff-directory, team-grid, team-members, team-showcase
Score: 95 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Dec 12, 2025
Safety Verdict

Is Employee Spotlight – Team Member Showcase & Meet the Team Plugin Safe to Use in 2026?

Generally Safe

Score 95/100

Employee Spotlight – Team Member Showcase & Meet the Team Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Dec 12, 2025 · Updated 1mo ago
Risk Assessment

The employee-spotlight plugin v5.1.5 exhibits a mixed security posture. While it demonstrates strengths such as 100% prepared SQL statements, a substantial amount of output escaping (85%), and robust nonce and capability checks, there are significant areas of concern. The presence of 7 AJAX handlers, with 2 lacking proper authorization checks, represents a direct attack vector. The taint analysis, though limited in scope (8 flows), revealed 2 flows with unsanitized paths, which is a serious indicator of potential vulnerabilities, even if no critical or high severity issues were flagged in this specific analysis. The plugin's vulnerability history is a major red flag, with 3 known CVEs including one high severity issue, and common types like Missing Authorization and Cross-site Scripting. The fact that there are currently no unpatched CVEs is positive, but the pattern of past vulnerabilities suggests a recurring need for careful security development and auditing.

Key Concerns

  • 2 AJAX handlers without authorization checks
  • 2 flows with unsanitized paths in taint analysis
  • 1 high severity known CVE
  • 2 medium severity known CVEs
  • Bundled outdated library (Select2 v3.2)
Vulnerabilities: 3

Employee Spotlight – Team Member Showcase & Meet the Team Plugin Security Vulnerabilities

CVEs by Year

3 CVEs in 2025

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2025-13403 · medium · 5.3 · Missing Authorization

Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.3 - Missing Authorization to Authenticated (Subscriber+) Tracking Opt-In/Opt-Out Modification

Dec 12, 2025 Patched in 5.1.4 (1d)
CVE-2025-12090 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 31, 2025 Patched in 5.1.3 (1d)
CVE-2025-53583 · high · 8.1 · Deserialization of Untrusted Data

Employee Spotlight <= 5.1.1 - Unauthenticated PHP Object Injection

Aug 25, 2025 Patched in 5.1.2 (10d)
Code Analysis
Analyzed Mar 16, 2026

Employee Spotlight – Team Member Showcase & Meet the Team Plugin Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (22 prepared)
  • Unescaped Output: 187 (1087 escaped)
  • Nonce Checks: 13
  • Capability Checks: 17
  • File Operations: 0
  • External Requests: 2
  • Bundled Libraries: 1

Bundled Libraries

Select2 3.2

SQL Query Safety

100% prepared · 22 total queries

Output Escaping

85% escaped · 1274 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

8 flows · 2 with unsanitized paths
emd_get_widg_pagenum (includes\widget-functions.php:13)
Attack Surface: 2 unprotected

Employee Spotlight – Team Member Showcase & Meet the Team Plugin Attack Surface

Entry Points: 9
Unprotected: 2

AJAX Handlers 7

  • auth · wp_ajax_emd_insert_new_shc · includes\admin\shortcode-list-functions.php:72
  • auth · wp_ajax_emd_check_userEmail · includes\common-functions.php:541
  • auth · wp_ajax_emd_check_unique · includes\common-functions.php:570
  • auth · wp_ajax_employee_spotlight_send_deactivate_reason · includes\plugin-feedback-functions.php:11
  • auth · wp_ajax_employee_spotlight_show_rateme · includes\plugin-feedback-functions.php:16
  • auth · wp_ajax_emd_get_widg_pagenum · includes\widget-functions.php:10
  • nopriv · wp_ajax_emd_get_widg_pagenum · includes\widget-functions.php:11

Shortcodes 2

  • [employee_circle_grid] · includes\entities\emd-employee-shortcodes.php:56
  • [employee_circle_panel_grid] · includes\entities\emd-employee-shortcodes.php:123

WordPress Hooks 66

  • filter · the_content · employee-spotlight.php:56
  • action · admin_menu · employee-spotlight.php:60
  • filter · template_include · employee-spotlight.php:64
  • action · widgets_init · employee-spotlight.php:68
  • action · employee_spotlight_getting_started · includes\admin\getting-started.php:9
  • action · employee_spotlight_settings_glossary · includes\admin\glossary.php:9
  • action · emd_ext_register · includes\admin\settings-functions-globs.php:11
  • filter · emd_add_settings_tab · includes\admin\settings-functions-globs.php:12
  • action · emd_show_settings_tab · includes\admin\settings-functions-globs.php:13
  • action · emd_ext_register · includes\admin\settings-functions.php:11
  • action · emd_show_settings_page · includes\admin\settings-functions.php:12
  • action · emd_show_shortcodes_page · includes\admin\shortcode-list-functions.php:4
  • action · emd_create_shc_with_filters · includes\admin\shortcode-list-functions.php:53
  • filter · media_buttons · includes\admin\wpas-btn-functions.php:10
  • action · admin_footer · includes\admin\wpas-btn-functions.php:11
  • filter · kses_allowed_protocols · includes\admin\wpas-btn-functions.php:222
  • filter · posts_where · includes\class-emd-query.php:91
  • filter · posts_join · includes\class-emd-query.php:94
  • filter · safe_style_css · includes\class-emd-widget.php:57
  • action · admin_init · includes\class-install-deactivate.php:21
  • action · wp_head · includes\class-install-deactivate.php:33
  • action · admin_init · includes\class-install-deactivate.php:37
  • action · admin_notices · includes\class-install-deactivate.php:41
  • action · generate_rewrite_rules · includes\class-install-deactivate.php:45
  • filter · query_vars · includes\class-install-deactivate.php:46
  • action · admin_init · includes\class-install-deactivate.php:47
  • action · before_delete_post · includes\class-install-deactivate.php:51
  • filter · get_media_item_args · includes\class-install-deactivate.php:55
  • action · init · includes\class-install-deactivate.php:56
  • filter · tiny_mce_before_init · includes\class-install-deactivate.php:61
  • action · emd_ext_admin_enq · includes\emd-lite\emd-lite.php:8
  • filter · emd_lite_modal · includes\emd-lite\emd-lite.php:26
  • action · init · includes\entities\class-emd-employee.php:27
  • action · admin_init · includes\entities\class-emd-employee.php:31
  • filter · post_updated_messages · includes\entities\class-emd-employee.php:35
  • action · admin_menu · includes\entities\class-emd-employee.php:39
  • action · admin_head-edit.php · includes\entities\class-emd-employee.php:43
  • action · manage_emd_employee_posts_custom_column · includes\entities\class-emd-employee.php:49
  • filter · manage_emd_employee_posts_columns · includes\entities\class-emd-employee.php:53
  • filter · enter_title_here · includes\entities\class-emd-employee.php:58
  • filter · post_row_actions · includes\entities\class-emd-employee.php:62
  • action · admin_action_emd_duplicate_entity · includes\entities\class-emd-employee.php:66
  • action · admin_notices · includes\entities\class-emd-employee.php:526
  • filter · the_title · includes\entities\class-emd-employee.php:557
  • action · save_post · includes\entities\class-emd-entity.php:96
  • action · save_post · includes\entities\class-emd-entity.php:133
  • action · wp_footer · includes\entities\emd-employee-shortcodes.php:67
  • action · wp_footer · includes\entities\emd-employee-shortcodes.php:134
  • filter · widget_text · includes\entities\emd-employee-shortcodes.php:143
  • filter · widget_text · includes\entities\emd-employee-shortcodes.php:144
  • filter · emd_show_temp_sidebar · includes\layout-functions.php:166
  • action · emd_sidebar · includes\layout-functions.php:196
  • action · widgets_init · includes\layout-functions.php:213
  • filter · emd_show_temp_navigation · includes\layout-functions.php:290
  • filter · emd_show_single_edit_link · includes\layout-functions.php:320
  • filter · emd_change_container · includes\layout-functions.php:332
  • action · emd_ext_set_conf · includes\plugin-app-functions.php:8
  • action · emd_ext_reset_conf · includes\plugin-app-functions.php:9
  • filter · plugin_row_meta · includes\plugin-feedback-functions.php:9
  • filter · plugin_action_links · includes\plugin-feedback-functions.php:10
  • action · admin_footer · includes\plugin-feedback-functions.php:14
  • action · admin_notices · includes\plugin-feedback-functions.php:17
  • action · admin_post_employee-spotlight_check_optin · includes\plugin-feedback-functions.php:18
  • action · admin_enqueue_scripts · includes\scripts.php:9
  • action · wp_enqueue_scripts · includes\scripts.php:142
  • action · admin_print_footer_scripts · includes\scripts.php:243

Maintenance & Trust

Employee Spotlight – Team Member Showcase & Meet the Team Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 25, 2026
PHP min version
Downloads: 54K

Community Trust

Rating: 94/100
Number of ratings: 31
Active installs: 400
Developer Profile

Employee Spotlight – Team Member Showcase & Meet the Team Plugin Developer Profile

emarket-design

10 plugins · 4K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 251 days
Detection Fingerprints

How We Detect Employee Spotlight – Team Member Showcase & Meet the Team Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/employee-spotlight/assets/css/emd-frontend.css
  • /wp-content/plugins/employee-spotlight/assets/css/emd-public.css
  • /wp-content/plugins/employee-spotlight/assets/js/emd-frontend.js
  • /wp-content/plugins/employee-spotlight/assets/js/emd-public.js
  • /wp-content/plugins/employee-spotlight/assets/js/emd-custom-fields.js
Script Paths
  • /wp-content/plugins/employee-spotlight/assets/js/emd-frontend.js
  • /wp-content/plugins/employee-spotlight/assets/js/emd-public.js
  • /wp-content/plugins/employee-spotlight/assets/js/emd-custom-fields.js
Version Parameters
  • employee-spotlight/assets/css/emd-frontend.css?ver=
  • employee-spotlight/assets/css/emd-public.css?ver=
  • employee-spotlight/assets/js/emd-frontend.js?ver=
  • employee-spotlight/assets/js/emd-public.js?ver=
  • employee-spotlight/assets/js/emd-custom-fields.js?ver=

HTML / DOM Fingerprints

CSS Classes
emd-employee-container, emd-employee-content, emd-employee-bio, emd-employee-contact, emd-employee-name, emd-employee-title, emd-employee-image, emd-employee-single-layout, +1 more
Data Attributes
data-entity="employee", data-layout="single", data-layout="grid", data-layout="default"
JS Globals
emd_employee_params
REST Endpoints
/wp-json/employee-spotlight/v1/get_employee_data
Shortcode Output
[employee_profile, [employee_list
FAQ

Frequently Asked Questions about Employee Spotlight – Team Member Showcase & Meet the Team Plugin