CVE-2022-1556

CVE-2022-1556: StaffList < 3.1.5 - Admin+ SQLi

Vendor Unknown

Product StaffList

Weakness CWE-89 · SQLi

Published May 30, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection

Key dates

02Disclosure timeline

May 30, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1556 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-12166 Simply Schedule Appointments <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters CVE-2025-14335 itsourcecode Student Management System new_school_year.php sql injection CVE-2024-9034 code-projects Patient Record Management System login.php sql injection CVE-2025-6668 code-projects Inventory Management System fetchSelectedBrand.php sql injection CVE-2025-68056 WordPress LBG Zoominoutslider plugin <= 5.4.4 - SQL Injection vulnerability