59 matches found
CVE-2025-12185
The StaffList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2025-12185
CVE-2025-12185 concerns the WordPress StaffList plugin (versions
CVE-2025-12185 StaffList <= 3.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting
The StaffList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
WordPress StaffList plugin <= 3.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin StaffList versions <= 3.2.6...
WordPress plugin StaffList cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-48235
The StaffList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
EUVD-2025-9802
Malicious code in bioql PyPI...
EUVD-2024-51742
Malicious code in bioql PyPI...
EUVD-2025-9792
Malicious code in bioql PyPI...
CVE-2022-1556
The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection...
CVE-2025-32232
Missing Authorization vulnerability in ERA404 StaffList stafflist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects StaffList: from n/a through <= 3.2.7...
CVE-2025-32255
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ERA404 StaffList stafflist allows Retrieve Embedded Sensitive Data. This issue affects StaffList: from n/a through <= 3.2.7...
CVE-2025-32255 WordPress StaffList plugin <= 3.2.6 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ERA404 StaffList allows Retrieve Embedded Sensitive Data. This issue affects StaffList: from n/a through 3.2.6...
CVE-2025-32255
CVE-2025-32255 pertains to the StaffList WordPress plugin, with unauthenticated exposure of sensitive information in versions up to 3.2.6. The connected documents also reference EUVD-2025-9792 and Wordfence reporting, noting the issue as unauthenticated sensitive information exposure but without ...
CVE-2025-32255 WordPress StaffList plugin <= 3.2.7 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ERA404 StaffList stafflist allows Retrieve Embedded Sensitive Data. This issue affects StaffList: from n/a through <= 3.2.7...
CVE-2025-32232 WordPress StaffList plugin <= 3.2.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in ERA404 StaffList stafflist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects StaffList: from n/a through <= 3.2.7...
CVE-2025-32232
No technical details about CVE-2025-32232 are provided in the supplied documents; public details (affected product/version/patch) are not disclosed here. Monitor for updates from authoritative sources.