cvebase

Era404 Stafflist vulnerabilities

5 known vulnerabilities affecting era404/stafflist.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 4

Vulnerabilities

CVE-2022-1556 | P2 | CRITICAL | CVSS 9.8 | fixed in 3.1.5 | 2022-05-30
CWE-89: The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection
nvd
CVE-2025-32255 | P4 | MEDIUM | CVSS 5.3 | ≤ 3.2.7 | 2025-04-04
CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ERA404 StaffList stafflist allows Retrieve Embedded Sensitive Data. This issue affects StaffList: from n/a through <= 3.2.7.
nvd
CVE-2024-13749 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.2.4 | ≤ 3.2.3 | 2025-02-12
CWE-79: The StaffList plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing or incorrect nonce validation on the 'stafflist' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a
nvd
CVE-2025-32232 | P4 | MEDIUM | CVSS 4.3 | ≤ 3.2.7 | 2025-04-04
CWE-862: Missing Authorization vulnerability in ERA404 StaffList stafflist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects StaffList: from n/a through <= 3.2.7.
nvd
CVE-2025-12185 | P4 | MEDIUM | CVSS 4.4 | ≤ 3.2.6 | 2025-11-27
CWE-79: The StaffList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that wil
nvd