4 matches found
CVE-2025-8295
The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccessmsg’ parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-8295 Employee Directory <= 4.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter
The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccessmsg’ parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-8295
CVE-2025-8295 affects the WordPress Employee Directory plugin (Employee Directory – Staff Listing & Team Directory) with authenticated Stored XSS via the noaccess_msg parameter in versions up to 4.5.1. Public sources confirm the root cause is insufficient input sanitization and output escaping, e...
WordPress Employee Directory plugin <= 4.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via noaccessmsg Parameter vulnerability discovered by muhammad yudha in WordPress Plugin Employee Directory – Staff Listing & Team Directory Plugin for WordPress versions = 4.5.1...