SM Team Security & Risk Analysis
wordpress.org/plugins/sm-teamSM Team is a wordpress plugin to list and display team members as grid. You can add team members profile, social links, image, location etc.
Is SM Team Safe to Use in 2026?
Generally Safe
Score 85/100SM Team has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "sm-team" v2.0.0 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of known CVEs and a clean vulnerability history is a significant positive indicator. The code also demonstrates good practices by exclusively using prepared statements for SQL queries and including a nonce check. Furthermore, the limited attack surface, consisting of only one shortcode and no AJAX handlers, REST API routes, or cron events, contributes to its security.
However, there are areas for concern. The most notable is the low percentage of properly escaped output (19%). This suggests a high likelihood of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data or content might be rendered directly in the browser without proper sanitization. The lack of capability checks on the shortcode also represents a potential risk, as it implies that any logged-in user, regardless of their role or permissions, can trigger its functionality. While the current attack surface is small, any introduction of new features, especially AJAX or REST API endpoints, without robust authentication and authorization mechanisms could quickly elevate the risk profile.
In conclusion, while the "sm-team" plugin has a strong foundation with no known vulnerabilities and good SQL handling, the significant number of unescaped outputs and the absence of capability checks on its sole entry point are critical weaknesses. Addressing the XSS risk through proper output escaping and implementing capability checks on the shortcode are essential steps to further harden its security.
Key Concerns
- Low percentage of properly escaped output
- Shortcode lacks capability checks
SM Team Security Vulnerabilities
SM Team Code Analysis
Output Escaping
SM Team Attack Surface
Shortcodes 1
WordPress Hooks 9
Maintenance & Trust
SM Team Maintenance & Trust
Maintenance Signals
Community Trust
SM Team Alternatives
Team Builder – Team Member Showcase With Grid and slider, Compatible With Elementor, Gutenberg
team-builder
Team Plugin comes with 6 Design Layout with Add unlimited Team Members. Grid Team and slider layout with Drag & Drop Builder, Easily add and delet …
Team Members – Multi Language Supported Team Plugin
team-showcase-supreme
Multi-language supported Team Members - Team with Slide is the best plugins to display unlimited team in Carouse and Grid view.
Team Member Team Showcase
team-builder-member-showcase
Display your team members with photos, bios, designations and social links in grid or slider layouts.
JWD Teams
jwd-teams
Create unlimited Team Showcases and display them through a generated shortcode. Easily.
RWC Team Members – Make your team shine
rwc-team-members
Showcase your team's talent and expertise with ease. Grids, slider, pop-up and filters - all in one shortcode. Get started today!
SM Team Developer Profile
10 plugins · 650 total installs
How We Detect SM Team
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/sm-team/css/bootstrap.wp.css/wp-content/plugins/sm-team/css/custom.css/wp-content/plugins/sm-team/js/bootstrap.min.js/wp-content/plugins/sm-team/js/bootstrap.min.jssm-team/css/bootstrap.wp.css?ver=sm-team/css/custom.css?ver=sm-team/js/bootstrap.min.js?ver=HTML / DOM Fingerprints
bootstrap-wrappersm-member-wrapid="sm_member_meta"name="short_bio"id="short_bio"name="member_designation"id="member_designation"name="member_email"+23 more[sm-member