Vulnerabilities and security researches foremployee-directory employee-directory
Direction: ascendingJun 05, 2025
Staff Directory – Employee Directory for WordPress # CVE-2025-5531
- CVE, Research URL
- Date
- Jun 04, 2025
- Research Description
- The Employee Directory – Staff Listing & Team Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 4.5.1.
- Status
-
vulnerable
Aug 06, 2025
Staff Directory – Employee Directory for WordPress # CVE-2025-8295
- CVE, Research URL
- Date
- Aug 05, 2025
- Research Description
- The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 4.5.2.
- Status
-
vulnerable
Aug 30, 2025
Staff Directory – Employee Directory for WordPress # CVE-2025-53243
- CVE, Research URL
- Date
- Aug 28, 2025
- Research Description
- Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff Listing & Team Directory Plugin for WordPress allows Object Injection. This issue affects Employee Directory – Staff Listing & Team Directory Plugin for WordPress: from n/a through 4.5.3.
- Affected versions
-
max 4.5.3.
- Status
-
vulnerable