Era404 Stafflist

5 CVEs affecting Era404 Stafflist. Latest disclosed: 2025-11-27. Critical: 1, High: 0.

Top CVEs affecting Era404 Stafflist
CVESeverityScorePublishedSummary
CVE-2022-1556Critical9.82022-05-30The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in th…
CVE-2024-13749Medium6.12025-02-12The StaffList plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing or incorrect…
CVE-2025-32255Medium5.32025-04-04Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ERA404 StaffList stafflist allows Retrieve Embedded Sensitive Data…
CVE-2025-12185Medium4.42025-11-27The StaffList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.6 due to insuffici…
CVE-2025-32232Medium4.32025-04-04Missing Authorization vulnerability in ERA404 StaffList stafflist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects St…