EUVD-2024-53986

Malicious code in bioql PyPI...

CVE-2021-4397

The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via ...

CVE-2024-13839

The Staff Directory Plugin: Company Directory plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to inject...

CVE-2025-25165

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in richardgabriel Staff Directory Plugin: Company Directory staff-directory-pro allows Stored XSS.This issue affects Staff Directory Plugin: Company Directory: from n/a through = 4.3...

CVE-2024-13839

The Staff Directory Plugin: Company Directory plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to inject...

WordPress plugin Staff Directory Plugin: Company Directory 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress plugin Staff Directory Plugin: A cross-site...

CVE-2025-25165 WordPress Staff Directory Plugin: Company Directory Plugin <= 4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in richardgabriel Staff Directory Plugin: Company Directory staff-directory-pro allows Stored XSS.This issue affects Staff Directory Plugin: Company Directory: from n/a through = 4.3...

WordPress plugin Staff Directory Plugin: Company Directory 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin Staff Directory Plugin: A cross-site...

WordPress Staff Directory Plugin: Company Directory Plugin <= 4.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Staff Directory Plugin: Company Directory versions = 4.3...

CVE-2023-4757

The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could...

CVE-2023-4505

The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative...

CVE-2021-4397

The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via ...

CVE-2021-4397 Staff Directory Plugin <= 3.6 - Cross-Site Request Forgery Bypass

The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via ...

WordPress Plugin Staff Directory 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

PT-2023-12509 · WordPress · Staff Directory Plugin

Name of the Vulnerable Software and Affected Versions: Staff Directory Plugin versions up to, and including, 3.6 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the saveCustomFields function. This allows unauthenticated attackers to...

CVE-2021-24663

The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that are indeed images, allowing high privilege users such as admin to upload arbitrary file like PHP, leading to RCE...