WP-Safety

Team Showcase Security & Risk Analysis

wordpress.org/plugins/team

Fully responsive and mobile ready meet the team showcase plugin for wordpress.

1K active installs v1.22.28 PHP + WP 3.8+ Updated Dec 18, 2025
meet-the-team-pagemembers-profilesteamteam-membersteam-showcase
95
A · Safe
CVEs total6
Unpatched0
Last CVESep 16, 2024
Plugin page Download
Safety Verdict

Is Team Showcase Safe to Use in 2026?

Generally Safe

Score 95/100

Team Showcase has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

6 known CVEsLast CVE: Sep 16, 2024Updated 5mo ago
Risk Assessment

The "team" plugin v1.22.28 exhibits a mixed security posture. While the plugin demonstrates good practices such as 100% SQL query preparation, comprehensive nonce and capability checks on its entry points, and a low number of external HTTP requests, several concerns warrant attention. The presence of three "unserialize" calls within the code signals a potential risk for "Deserialization of Untrusted Data" vulnerabilities, especially given the plugin's history of such issues. Although taint analysis did not reveal critical or high-severity unsanitized paths, the "unserialize" function itself is a known vector for exploitation if user-controlled data can be passed to it without proper sanitization or validation.

The plugin's vulnerability history is a significant red flag. With a total of 6 known CVEs, including 4 high and 2 medium severity vulnerabilities, the plugin has a track record of serious security flaws. The common types of vulnerabilities reported (XSS and Deserialization) directly correlate with the "dangerous functions" identified in the static analysis. The fact that the last vulnerability was reported very recently (September 2024) and is currently unpatched suggests an ongoing security challenge.

In conclusion, while the plugin has strengths in its input validation and secure SQL practices, the recurring nature of deserialization and XSS vulnerabilities, coupled with the direct use of the "unserialize" function, creates a substantial risk. The lack of currently unpatched CVEs is positive, but the historical pattern and static code signals indicate that careful monitoring and potential code review are necessary to mitigate the risk of future zero-day vulnerabilities or re-emergence of past issues.

Key Concerns

  • Dangerous function: unserialize found
  • Vulnerability history: 4 high severity CVEs
  • Vulnerability history: 2 medium severity CVEs
  • Output escaping below 100%
  • Flows with unsanitized paths
Vulnerabilities
6 published

Team Showcase Security Vulnerabilities

CVEs by Year

4 CVEs in 2020
2020
2 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

High
4
Medium
2

6 total CVEs

CVE-2024-44002medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Team Showcase <= 1.22.25 - Reflected Cross-Site Scripting

Sep 16, 2024 Patched in 1.22.26 (25d)
CVE-2024-43321medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Team Showcase <= 1.22.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 16, 2024 Patched in 1.22.24 (7d)
CVE-2020-35938high · 7.5Deserialization of Untrusted Data

Team Showcase <= 1.22.15 - Object Injection

Sep 17, 2020 Patched in 1.22.16 (1223d)
CVE-2020-35937high · 7.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Team Showcase <= 1.22.15 - Stored Cross-Site Scripting

Sep 17, 2020 Patched in 1.22.16 (1223d)
CVE-2020-35936high · 7.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Team Showcase <= 1.22.15 - Stored Cross-Site Scripting

Sep 17, 2020 Patched in 1.22.16 (1223d)
CVE-2020-35939high · 7.5Deserialization of Untrusted Data

Team Showcase <= 1.22.15 - Object Injection

Sep 17, 2020 Patched in 1.22.16 (1223d)
Version History

Team Showcase Release Timeline

v1.22.26
v1.22.251 CVE
CVE-2024-44002
v1.22.241 CVE
CVE-2024-44002
v1.22.232 CVEs
CVE-2024-44002 CVE-2024-43321
v1.22.23a2 CVEs
CVE-2024-44002 CVE-2024-43321
v1.22.222 CVEs
CVE-2024-44002 CVE-2024-43321
v1.22.212 CVEs
CVE-2024-44002 CVE-2024-43321
v1.22.202 CVEs
CVE-2024-44002 CVE-2024-43321
v1.22.192 CVEs
CVE-2024-44002 CVE-2024-43321
v1.22.182 CVEs
CVE-2024-44002 CVE-2024-43321
v1.22.172 CVEs
CVE-2024-44002 CVE-2024-43321
v1.22.156 CVEs
CVE-2020-35938 CVE-2024-44002 CVE-2020-35937 +3 more
v1.22.146 CVEs
CVE-2020-35938 CVE-2024-44002 CVE-2020-35937 +3 more
v1.22.136 CVEs
CVE-2020-35938 CVE-2024-44002 CVE-2020-35937 +3 more
v1.22.126 CVEs
CVE-2020-35938 CVE-2024-44002 CVE-2020-35937 +3 more
v1.22.106 CVEs
CVE-2020-35938 CVE-2024-44002 CVE-2020-35937 +3 more
v1.22.96 CVEs
CVE-2020-35938 CVE-2024-44002 CVE-2020-35937 +3 more
v1.22.76 CVEs
CVE-2020-35938 CVE-2024-44002 CVE-2020-35937 +3 more
v1.22.66 CVEs
CVE-2020-35938 CVE-2024-44002 CVE-2020-35937 +3 more
v1.22.56 CVEs
CVE-2020-35938 CVE-2024-44002 CVE-2020-35937 +3 more
Code Analysis
Analyzed Mar 16, 2026

Team Showcase Code Analysis

Dangerous Functions
3
Raw SQL Queries
0
0 prepared
Unescaped Output
196
756 escaped
Nonce Checks
7
Capability Checks
11
File Operations
2
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserializeupdate_post_meta($post_id, $meta_key, unserialize($meta_value));includes\functions-data-upgrade.php:713
unserializeupdate_post_meta($post_id, $meta_key, unserialize($meta_value));includes\functions.php:307
unserialize$layout_elements_data = !empty($layout_elements_data) ? $layout_elements_data : unserialize($defaulttemplates\team-showcase\team-showcase-hook.php:119

Output Escaping

79% escaped952 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths
team_import_xml_layouts (includes\functions-data-upgrade.php:653)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Team Showcase Attack Surface

Entry Points8
Unprotected0

AJAX Handlers 1

authwp_ajax_team_import_xml_layoutsincludes\functions-data-upgrade.php:738

Shortcodes 7

[team] includes\class-shortcodes.php:15
[team_pickplugins] includes\class-shortcodes.php:16
[team_showcase] includes\class-shortcodes.php:17
[team_cron_upgrade_settings] includes\functions-data-upgrade.php:6
[team_cron_upgrade_team_members] includes\functions-data-upgrade.php:103
[team_cron_upgrade_team] includes\functions-data-upgrade.php:223
[team_import_xml_layouts] includes\functions.php:250
WordPress Hooks 84
actionteam_metabox_content_shortcodesincludes\class-post-meta-team-hook.php:6
actionteam_metabox_content_styleincludes\class-post-meta-team-hook.php:105
actionteam_metabox_content_query_memberincludes\class-post-meta-team-hook.php:263
actionteam_metabox_content_custom_scriptsincludes\class-post-meta-team-hook.php:423
actionteam_metabox_content_masonryincludes\class-post-meta-team-hook.php:490
actionteam_metabox_content_layoutsincludes\class-post-meta-team-hook.php:538
actionteam_metabox_content_paginationincludes\class-post-meta-team-hook.php:652
actionteam_metabox_content_help_supportincludes\class-post-meta-team-hook.php:782
actionteam_metabox_content_buy_proincludes\class-post-meta-team-hook.php:880
actionteam_meta_box_save_teamincludes\class-post-meta-team-hook.php:1215
actionteam_layout_metabox_content_custom_scriptsincludes\class-post-meta-team-layout-hook.php:14
actionteam_layout_metabox_content_layout_builderincludes\class-post-meta-team-layout-hook.php:100
actionteam_layout_meta_box_save_teamincludes\class-post-meta-team-layout-hook.php:372
actionadd_meta_boxesincludes\class-post-meta-team-layout.php:11
actionsave_postincludes\class-post-meta-team-layout.php:12
actionteam_member_metabox_content_generalincludes\class-post-meta-team-member-hook.php:5
actionteam_member_metabox_content_socialincludes\class-post-meta-team-member-hook.php:85
actionteam_member_metabox_content_layoutsincludes\class-post-meta-team-member-hook.php:154
actionteam_member_metabox_saveincludes\class-post-meta-team-member-hook.php:235
actionadd_meta_boxesincludes\class-post-meta-team-member.php:11
actionsave_postincludes\class-post-meta-team-member.php:12
actionadd_meta_boxesincludes\class-post-meta-team.php:11
actionsave_postincludes\class-post-meta-team.php:12
actioninitincludes\class-post-types.php:17
actioninitincludes\class-post-types.php:18
actioninitincludes\class-post-types.php:19
actionadmin_footerincludes\class-settings-tabs-reviews.php:27
actionadmin_noticesincludes\class-settings-tabs-reviews.php:28
actionadmin_menuincludes\class-settings.php:12
actionteam_cron_upgrade_settingsincludes\functions-data-upgrade.php:7
actionteam_cron_upgrade_team_membersincludes\functions-data-upgrade.php:105
actionteam_cron_upgrade_teamincludes\functions-data-upgrade.php:224
actionteam_cron_reset_migrateincludes\functions-data-upgrade.php:577
actionteam_layout_element_titleincludes\functions-layout-element.php:6
actionteam_layout_element_thumbnailincludes\functions-layout-element.php:31
actionteam_layout_element_positionincludes\functions-layout-element.php:85
actionteam_layout_element_metaincludes\functions-layout-element.php:111
actionteam_layout_element_socialincludes\functions-layout-element.php:142
filterteam_social_linkincludes\functions-layout-element.php:265
actionteam_layout_element_contentincludes\functions-layout-element.php:283
actionteam_layout_element_wrapper_startincludes\functions-layout-element.php:333
actionteam_layout_element_wrapper_endincludes\functions-layout-element.php:355
actionteam_layout_element_css_titleincludes\functions-layout-element.php:376
actionteam_layout_element_css_positionincludes\functions-layout-element.php:408
actionteam_layout_element_css_metaincludes\functions-layout-element.php:437
actionteam_layout_element_css_contentincludes\functions-layout-element.php:483
actionteam_layout_element_css_thumbnailincludes\functions-layout-element.php:520
actionlayout_elements_option_titleincludes\functions-layout-hook.php:6
actionlayout_elements_option_thumbnailincludes\functions-layout-hook.php:177
actionlayout_elements_option_contentincludes\functions-layout-hook.php:346
actionlayout_elements_option_socialincludes\functions-layout-hook.php:553
actionlayout_elements_option_metaincludes\functions-layout-hook.php:722
actionlayout_elements_option_positionincludes\functions-layout-hook.php:861
actionlayout_elements_option_wrapper_startincludes\functions-layout-hook.php:986
actionlayout_elements_option_wrapper_endincludes\functions-layout-hook.php:1102
filterteam_layout_element_title_textincludes\functions-layout-hook.php:1163
filterteam_layout_element_thumbnail_urlincludes\functions-layout-hook.php:1206
filterteam_layout_element_content_linkincludes\functions-layout-hook.php:1246
actionteam_settings_content_generalincludes\functions-settings-hook.php:4
actionteam_settings_content_team_memberincludes\functions-settings-hook.php:163
actionteam_settings_content_help_supportincludes\functions-settings-hook.php:227
actionteam_settings_content_buy_proincludes\functions-settings-hook.php:453
actionteam_settings_saveincludes\functions-settings-hook.php:789
filterthe_contentincludes\functions.php:4
filterthe_contentincludes\functions.php:127
filterthe_titleincludes\functions.php:147
filterpost_thumbnail_htmlincludes\functions.php:168
filtermanage_team_member_posts_columnsincludes\functions.php:175
actionmanage_team_member_posts_custom_columnincludes\functions.php:185
filtermanage_team_posts_columnsincludes\functions.php:215
actionmanage_team_posts_custom_columnincludes\functions.php:230
actionwp_enqueue_scriptsteam.php:58
actionadmin_enqueue_scriptsteam.php:59
actionplugins_loadedteam.php:60
filterwidget_textteam.php:61
filtercron_schedulesteam.php:64
actionteam_single_team_membertemplates\single-team-member\team-member-hook.php:8
actionteam_single_team_membertemplates\single-team-member\team-member-hook.php:46
actionteam_showcase_maintemplates\team-showcase\team-showcase-hook.php:4
actionteam_showcase_itemtemplates\team-showcase\team-showcase-hook.php:102
actionteam_showcase_maintemplates\team-showcase\team-showcase-hook.php:152
actionteam_showcase_maintemplates\team-showcase\team-showcase-hook.php:266
actionteam_showcase_before_itemstemplates\team-showcase\team-showcase-hook.php:303
actionteam_showcase_after_itemstemplates\team-showcase\team-showcase-hook.php:373

Scheduled Events 3

team_cron_upgrade_settings
team_cron_upgrade_team_members
team_cron_upgrade_team
Maintenance & Trust

Team Showcase Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 18, 2025
PHP min version
Downloads197K

Community Trust

Rating80/100
Number of ratings53
Active installs1K
Alternatives

Team Showcase Alternatives

Team – Team Members Showcase Plugin

Team – Team Members Showcase Plugin

tlp-team

A
89

WordPress team plugin to showcase team members with grid, slider, and filterable layouts. Fully compatible with Elementor & Gutenberg.

10K 7 CVEs
Team Builder – Team Member Showcase With Grid and slider, Compatible With Elementor, Gutenberg

Team Builder – Team Member Showcase With Grid and slider, Compatible With Elementor, Gutenberg

team-builder

A
100

Team Plugin comes with 6 Design Layout with Add unlimited Team Members. Grid Team and slider layout with Drag & Drop Builder, Easily add and delet &hellip;

7K No CVEs
Team Members – Multi Language Supported Team Plugin

Team Members – Multi Language Supported Team Plugin

team-showcase-supreme

A
95

Multi-language supported Team Members - Team with Slide is the best plugins to display unlimited team in Carouse and Grid view.

7K 3 CVEs
Responsive Team Members Showcase, Team Grid, Team Slider, and Staff List – Smart Team (formerly WP Team)

Responsive Team Members Showcase, Team Grid, Team Slider, and Staff List – Smart Team (formerly WP Team)

team-free

A
100

A WordPress plugin to display team members in Carousel, Grid, or List layouts. Customizable.

5K No CVEs
Team Members Showcase

Team Members Showcase

wps-team

A
96

WordPress Team Members Showcase plugin – display staff or team profiles in grids, sliders, tables, or lists with filters, popups, drawers & panels.

4K 3 CVEs
Developer Profile

Team Showcase Developer Profile

PickPlugins

14 plugins · 94K total installs

67
trust score
Avg Security Score
83/100
Avg Patch Time
330 days
View full developer profile
Detection Fingerprints

How We Detect Team Showcase

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/team/assets/front/js/masonry.js/wp-content/plugins/team/assets/front/js/imagesloaded.js/wp-content/plugins/team/assets/admin/css/fontawesome.css/wp-content/plugins/team/assets/admin/js/scripts.js/wp-content/plugins/team/assets/settings-tabs/settings-tabs.js/wp-content/plugins/team/assets/settings-tabs/settings-tabs.css/wp-content/plugins/team/assets/admin/js/jquery.lazy.js

HTML / DOM Fingerprints

CSS Classes
team_memberteam_layoutteam_showcase
Data Attributes
data-team_member_iddata-team_layout_id
JS Globals
team_ajax
Shortcode Output
[team_showcase][team_members]
FAQ

Frequently Asked Questions about Team Showcase