Browse all 7 CVE security advisories affecting era404. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Era404 develops security testing tools and penetration services, primarily focusing on web application and API security analysis. Historically, their research has commonly identified vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws across various platforms. The security researcher has documented seven CVEs, with notable work including critical findings in widely-used enterprise software. Their research typically emphasizes real-world exploitability rather than theoretical vulnerabilities, often providing detailed proof-of-concept code. While no major public security incidents are directly attributed to era404, their findings have frequently prompted emergency patches from affected vendors, demonstrating significant impact on organizational security postures.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-12185 | StaffList <= 3.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting — StaffListCWE-79 | 4.4 | Medium | 2025-11-27 |
| CVE-2025-32255 | WordPress StaffList plugin <= 3.2.7 - Sensitive Data Exposure vulnerability — StaffListCWE-497 | 5.3 | Medium | 2025-04-04 |
| CVE-2025-32232 | WordPress StaffList plugin <= 3.2.7 - Broken Access Control vulnerability — StaffListCWE-862 | 4.3 | Medium | 2025-04-04 |
| CVE-2024-13749 | StaffList <= 3.2.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting — StaffListCWE-79 | 6.1 | Medium | 2025-02-12 |
This page lists every published CVE security advisory associated with era404. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.