StaffList

Vulnerabilities 12Slug stafflistLatest version 3.2.7WordPress.org →

Minimum safe version

3.2.7

Update to 3.2.7 or later to address 9 fixable vulnerabilities

Latest available3.2.7 ✓Affected up to3.1.5 ⚠⚠ 2 vulnerabilities have no fix

Medium 4.4

2025-11-27< 3.2.7

CVE-2025-12185

CVE Wordfence

Medium 4.3 Unfixed

2025-04-04≤ 3.2.7

WordPress StaffList plugin <= 3.2.7 - Broken Access Control vulnerability

CVE Wordfence EUVD

Medium 5.3 Unfixed

2025-04-04≤ 3.2.7

WordPress StaffList plugin <= 3.2.7 - Sensitive Data Exposure vulnerability

CVE Wordfence EUVD

Medium 6.1

2025-02-12< 3.2.4

CVE-2024-13749

CVE EUVD Wordfence Patchstack

N/A

< 3.1.5

StaffList < 3.1.6 - Arbitrary Staff Deletion via CSRF

WPScan

N/A

< 3.1.5

StaffList < 3.1.6 - Reflected Cross-Site Scripting

WPScan

N/A

< 3.1.7

StaffList < 3.1.7 - Reflected Cross-Site Scripting

WPScan

N/A

2022-05-09< 3.1.7

StaffList <= 3.1.6 - Reflected Cross-Site Scripting

Wordfence

N/A

2022-05-04< 3.1.6

WordPress StaffList plugin <= 3.1.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Patchstack

N/A

2022-05-09< 3.1.7

WordPress StaffList plugin <= 3.1.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Patchstack

Critical 9.8

2022-05-30< 3.1.5

CVE-2022-1556

CVE Patchstack Wordfence WPScan

N/A

2022-05-04≤ 3.1.5

WordPress StaffList plugin <= 3.1.5 - Arbitrary Staff Deletion via Cross-Site Request Forgery (CSRF) vulnerability

Patchstack