Deserialization Vulnerability in Employee Directory Plugin for WordPress
CVE-2025-53243
8.1 HIGH
Key Information:
- Vendor: WordPress
- CVE Published: 28 August 2025
What is CVE-2025-53243?
A deserialization of untrusted data vulnerability has been identified in the Employee Directory – Staff Listing & Team Directory Plugin for WordPress. The flaw allows potential object injection, which puts the integrity of the application at risk. In versions up to and including 4.5.3, an attacker could exploit the deserialization mechanism to perform unauthorized actions within the system.
Affected Version(s)
Employee Directory – Staff Listing & Team Directory Plugin for WordPress <= 4.5.3
CVSS V3.1
- Score: 8.1
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Martino Spagnuolo (r3verii) (Patchstack Alliance)