N/A
2026-03-20< 3.0.19
Contact List <= 3.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_cl_map_iframe' Parameter
Contact List – Online Staff Directory & Address Book
Minimum safe version
3.0.19
Update to 3.0.19 or later to address 9 fixable vulnerabilities
Latest available3.0.21 ✓
Medium 6.3
2024-10-16< 2.9.50
Freemius SDK <= 2.4.2 - Missing Authorization Checks
Medium 5.3
2024-06-11< 2.9.88
CVE-2024-34821
N/A
2023-07-18< 2.9.73
WordPress Contact List – Easy Business Directory, Staff Directory and Address Book Plugin Plugin < 2.9.73 is vulnerable to Cross Site Scripting (XSS)
N/A
2021-08-24< 2.9.42
Contact List – Easy Business Directory, Staff Directory and Address Book Plugin <= 2.9.41 - Reflected Cross-Site Scripting
N/A
2022-03-04< 2.9.50
Freemius SDK <= 2.4.2 - Missing Authorization Checks
N/A
< 2.9.42
Contact List < 2.9.42 - Reflected Cross-Site Scripting
N/A
2022-02-28< 2.9.50
WordPress "Contact List – Easy Business Directory, Staff Directory and Address Book Plugin" plugin < 2.9.50 - Sensitive Information Disclosure vulnerability
N/A
2022-02-28< 2.9.50
WordPress "Contact List – Easy Business Directory, Staff Directory and Address Book Plugin" plugin < 2.9.50 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability