Vulnerabilities > Era404

DATE CVE VULNERABILITY TITLE RISK
2022-05-30 CVE-2022-1556 SQL Injection vulnerability in Era404 Stafflist
The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection
network
low complexity
era404 CWE-89
7.5