Vulnerabilities > Era404 > Stafflist > 2.2.3

DATE CVE VULNERABILITY TITLE RISK
2025-02-12 CVE-2024-13749 Cross-site Scripting vulnerability in Era404 Stafflist
The StaffList plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3.
network
low complexity
era404 CWE-79
6.1
6.1
2022-05-30 CVE-2022-1556 Unspecified vulnerability in Era404 Stafflist
The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection
network
low complexity
era404
critical
 9.8
9.8