Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/08/07 7:31 a.m.6 views

CVE-2025-8295

The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccessmsg’ parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS5.5AI score0.00239EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/05 7:24 a.m.2 views

CVE-2025-8295 Employee Directory <= 4.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter

The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccessmsg’ parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS5.5AI score0.00239EPSS
Exploits0References4
CVE
CVE
added 2025/08/05 7:24 a.m.19 views

CVE-2025-8295

CVE-2025-8295 affects the WordPress Employee Directory plugin (Employee Directory – Staff Listing & Team Directory) with authenticated Stored XSS via the noaccess_msg parameter in versions up to 4.5.1. Public sources confirm the root cause is insufficient input sanitization and output escaping, e...

6.4CVSS5.6AI score0.00239EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/08/04 9:55 p.m.6 views

WordPress Employee Directory plugin <= 4.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via noaccessmsg Parameter vulnerability discovered by muhammad yudha in WordPress Plugin Employee Directory – Staff Listing & Team Directory Plugin for WordPress versions = 4.5.1...

6.4CVSS3.6AI score0.00239EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder