CVE-2026-1279

The CVE-2026-1279 entry concerns the WordPress Employee Directory plugin (versions up to and including 1.2.1). It describes Stored Cross-Site Scripting via the form_title parameter in the search_employee_directory shortcode, caused by insufficient input sanitization and output escaping. Authentic...

EUVD-2026-5610

The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formtitle' parameter in the searchemployeedirectory shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress plugin Employee Directory 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

EUVD-2025-25997

Malicious code in bioql PyPI...

CVE-2025-53243

Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff Listing & Team Directory Plugin for WordPress employee-directory allows Object Injection.This issue affects Employee Directory – Staff Listing & Team Directory Plugin for WordPress: from n/a through = 4.5...

PT-2025-31915 · WordPress · Employee Directory

Name of the Vulnerable Software and Affected Versions: Employee Directory plugin for WordPress versions up to and including 4.5.1 Description: The Employee Directory plugin for WordPress is susceptible to Stored Cross-Site Scripting through the noaccess msg parameter due to insufficient input...

CVE-2025-5531

The Employee Directory – Staff Listing & Team Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emdmbmeta' shortcode in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping on user...