4 matches found
CVE-2022-1556
The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection...
CVE-2025-32255
CVE-2025-32255 pertains to the StaffList WordPress plugin, with unauthenticated exposure of sensitive information in versions up to 3.2.6. The connected documents also reference EUVD-2025-9792 and Wordfence reporting, noting the issue as unauthenticated sensitive information exposure but without ...
CVE-2025-32232
No technical details about CVE-2025-32232 are provided in the supplied documents; public details (affected product/version/patch) are not disclosed here. Monitor for updates from authoritative sources.
PT-2025-15011 · Era404 · Era404 Stafflist
Name of the Vulnerable Software and Affected Versions: ERA404 StaffList versions 3.2.6 and earlier Description: The issue allows exposure of sensitive system information to an unauthorized control sphere, enabling the retrieval of embedded sensitive data. Recommendations: For ERA404 StaffList...