Every CVE whose affected-product data names Era404 Stafflist, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2022-1556 — CVSS 9.8 (critical): The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when…
CVE-2024-13749 — CVSS 6.1 (medium): The StaffList plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to…