Employee Directory
by WordPress
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-53243 | Hig | 0.53 | 8.1 | 0.00 | Aug 28, 2025 | Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff Listing & Team Directory Plugin for WordPress employee-directory allows Object Injection.This issue affects Employee Directory – Staff Listing & Team Directory Plugin for WordPress:… | ||
| CVE-2026-1279 | Med | 0.42 | 6.4 | 0.00 | Feb 6, 2026 | The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_title' parameter in the `search_employee_directory` shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes… | ||
| CVE-2025-8295 | Med | 0.35 | 6.4 | 0.00 | Aug 5, 2025 | The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… | ||
| CVE-2023-4757 | Med | 0.35 | 5.4 | 0.00 | Jan 16, 2024 | The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious… |
- risk 0.53cvss 8.1epss 0.00
Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff Listing & Team Directory Plugin for WordPress employee-directory allows Object Injection.This issue affects Employee Directory – Staff Listing & Team Directory Plugin for WordPress:…
- risk 0.42cvss 6.4epss 0.00
The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_title' parameter in the `search_employee_directory` shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes…
- risk 0.35cvss 6.4epss 0.00
The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…
- risk 0.35cvss 5.4epss 0.00
The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious…