Era404 Stafflist
5 CVEs affecting Era404 Stafflist. Latest disclosed: 2025-11-27. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-1556 | Critical | 9.8 | 2022-05-30 | The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in th… |
CVE-2024-13749 | Medium | 6.1 | 2025-02-12 | The StaffList plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing or incorrect… |
CVE-2025-32255 | Medium | 5.3 | 2025-04-04 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ERA404 StaffList stafflist allows Retrieve Embedded Sensitive Data… |
CVE-2025-12185 | Medium | 4.4 | 2025-11-27 | The StaffList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.6 due to insuffici… |
CVE-2025-32232 | Medium | 4.3 | 2025-04-04 | Missing Authorization vulnerability in ERA404 StaffList stafflist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects St… |