GCVE - cpe:2.3:a:cyberlord92:employee_directory_–_staff_directory_and

Approved changes feed: RSS · Atom

cpe:2.3:a:cyberlord92:employee_directory_–_staff_directory_and_listing:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Cyberlord92 (`d4db5aca-fcb6-5704-b2d9-5b8ecb1765d8`)
Product	Employee Directory – Staff Directory And Listing (`0ea1f67d-7c9f-5de6-873c-d683cf3d575c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-1279`	vulnerable	2026-06-03 15:14:44.083338	Employee Directory <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_title' Shortcode Attribute MEDIUM (6.4) The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_title' parameter in the `search_employee_directory` shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: 2026-02-06T07:24:55.528Z Updated: 2026-04-08T17:32:19.893Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/f0d3b54c-6244-4776-be3c-afe3a28a2b8a?source=cve https://plugins.trac.wordpress.org/browser/employee-staff-directory/trunk/handler/mo-empdir-search_handler.php#L29 https://wordpress.org/plugins/employee-staff-directory https://plugins.trac.wordpress.org/browser/employee-staff-directory/tags/1.2.1/handler/mo-empdir-search_handler.php#L29 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3448620%40employee-staff-directory&new=3448620%40employee-staff-directory	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-8420`	vulnerable	2026-06-03 15:13:43.577589	Multiple Plugins by emarket-design <= Multiple Versions - Unauthenticated Limited Remote Code Execution HIGH (8.1) Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in various versions via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called Published: 2025-08-06T02:24:12.120Z Updated: 2026-04-08T16:56:28.904Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/601aa2b5-aeac-49bc-960d-4b4ff83e9229?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3338854%40request-a-quote&new=3338854%40request-a-quote&sfp_email=&sfph_mail= https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3340992%40software-issue-manager&new=3340992%40software-issue-manager&sfp_email=&sfph_mail= https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3341064%40wp-ticket&new=3341064%40wp-ticket&sfp_email=&sfph_mail= https://plugins.trac.wordpress.org/changeset/3346435/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Employee Directory – Staff Directory And Listing

PURL mappings

Vulnerability references

Contribute