
43 matches found

RedhatCVE
added 2026/01/09 12:32 p.m. | 2 views

CVE-2023-4505

The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative...

CVSS 4.9 | AI score 5.9 | EPSS 0.00423
Exploits 2 | References 1
RedhatCVE
added 2026/01/09 12:32 p.m. | 2 views

CVE-2023-4757

The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could...

CVSS 5.4 | AI score 6.6 | EPSS 0.0024
Exploits 2 | References 1
RedhatCVE
added 2026/01/09 9:5 a.m. | 6 views

CVE-2024-34821

Missing Authorization vulnerability in Anssi Laitila Contact List contact-list. This issue affects Contact List: from n/a through <= 2.9.87...

CVSS 5.3 | AI score 5.9 | EPSS 0.00111
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-5636

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.6 | EPSS 0.00346
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-53986

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 9.2 | EPSS 0.00534
Exploits 0 | References 4
RedhatCVE
added 2025/05/22 8:49 p.m. | 4 views

CVE-2021-4397

The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via ...

CVSS 4.3 | AI score 5.8 | EPSS 0.00172
Exploits 0 | References 1
RedhatCVE
added 2025/03/07 9:39 a.m. | 1 view

CVE-2024-13839

The Staff Directory Plugin: Company Directory plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | AI score 6.5 | EPSS 0.00534
Exploits 0 | References 1
RedhatCVE
added 2025/03/05 3:18 p.m. | 3 views

CVE-2025-25165

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in richardgabriel Staff Directory Plugin: Company Directory staff-directory-pro allows Stored XSS. This issue affects Staff Directory Plugin: Company Directory: from n/a through <= 4.3...

CVSS 7.1 | AI score 5.9 | EPSS 0.00346
Exploits 0 | References 1
NVD
added 2025/03/05 10:15 a.m. | 2 views

CVE-2024-13839

The Staff Directory Plugin: Company Directory plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | EPSS 0.00534
Exploits 0 | References 3
CNNVD
added 2025/03/05 12:0 a.m. | 3 views

WordPress plugin Staff Directory Plugin: Company Directory cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress plugin Staff Directory Plugin: A cross-site...

CVSS 6.1 | AI score 8.2 | EPSS 0.00534
Exploits 0 | References 4
NVD
added 2025/03/03 2:15 p.m. | 2 views

CVE-2025-25165

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in richardgabriel Staff Directory Plugin: Company Directory staff-directory-pro allows Stored XSS. This issue affects Staff Directory Plugin: Company Directory: from n/a through <= 4.3...

CVSS 7.1 | EPSS 0.00346
Exploits 0 | References 1
Cvelist
added 2025/03/03 1:30 p.m. | 11 views

CVE-2025-25165 WordPress Staff Directory Plugin: Company Directory Plugin <= 4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in richardgabriel Staff Directory Plugin: Company Directory staff-directory-pro allows Stored XSS. This issue affects Staff Directory Plugin: Company Directory: from n/a through <= 4.3...

CVSS 7.1 | EPSS 0.00346
Exploits 0 | References 1
CVE
added 2025/03/03 1:30 p.m. | 44 views

CVE-2025-25165

CVE-2025-25165 affects WordPress Staff Directory Plugin: Company Directory (versions up to 4.3). Vulnerability: Stored XSS due to improper neutralization of input during web page generation. Impact/conditions: the issue is a cross-site scripting vulnerability described in multiple sources; the CV...

CVSS 7.1 | AI score 5.9 | EPSS 0.00346
Exploits 0 | References 1
CNNVD
added 2025/03/03 12:0 a.m. | 1 view

WordPress plugin Staff Directory Plugin: Company Directory cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin Staff Directory Plugin: A cross-site...

CVSS 7.1 | AI score 5.8 | EPSS 0.00346
Exploits 0 | References 3
Patchstack
added 2025/02/02 4:8 p.m. | 2 views

WordPress Staff Directory Plugin: Company Directory Plugin <= 4.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Staff Directory Plugin: Company Directory versions <= 4.3...

CVSS 7.1 | AI score 6.1 | EPSS 0.00346
Exploits 0 | Affected Software 1
OSV
added 2024/06/11 4:15 p.m. | 3 views

CVE-2024-34821

Missing Authorization vulnerability in Contact List PRO Contact List – Easy Business Directory, Staff Directory and Address Book Plugin. This issue affects Contact List – Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through 2.9.87...

CVSS 5.3 | AI score 5.8 | EPSS 0.00111
Exploits 0 | References 1
Cvelist
added 2024/06/11 4:3 p.m. | 22 views

CVE-2024-34821 WordPress Contact List plugin <= 2.9.87 - Broken Access Control vulnerability

Missing Authorization vulnerability in Anssi Laitila Contact List contact-list. This issue affects Contact List: from n/a through <= 2.9.87...

CVSS 5.3 | EPSS 0.00111
Exploits 0 | References 1
CVE
added 2024/06/11 4:3 p.m. | 50 views

CVE-2024-34821

CVE-2024-34821 is a Missing Authorization vulnerability in the WordPress plugin Contact List (Premium Staff Listing, Business Directory & Address Book), affected versions from n/a through 2.9.87. CVSSv3.1 base score 5.3 (Medium). Public records (NVD/Patchstack) confirm affected product and impact...

CVSS 5.3 | AI score 5.9 | EPSS 0.00111
Exploits 0 | References 2 | Affected Software 1
WPVulnDB
added 2024/05/15 12:0 a.m. | 17 views

Contact List – Easy Business Directory, Staff Directory and Address Book Plugin < 2.9.88 - Missing Authorization to Notice Dismissal

Description: The Contact List – Easy Business Directory, Staff Directory and Address Book Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processnotifications function in versions up to, and including, 2.9.87. This makes it...

CVSS 5.3 | AI score 6.9 | EPSS 0.00111
Exploits 0 | References 1 | Affected Software 1
OSV
added 2024/01/16 4:15 p.m. | 2 views

CVE-2023-4757

The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could...

CVSS 5.4 | AI score 5.6 | EPSS 0.0024
Exploits 2 | References 1