CVE-2025-53243

Unknown Unknown - Not Provided

BaseFortify

Publication date: 2025-08-28

Last updated on: 2026-04-28

Assigner: Patchstack

Description

Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff Listing & Team Directory Plugin for WordPress employee-directory allows Object Injection.This issue affects Employee Directory – Staff Listing & Team Directory Plugin for WordPress: from n/a through <= 4.5.5.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2025-08-28

Last Modified

2026-04-28

Generated

2026-06-16

AI Q&A

2025-08-28

EPSS Evaluated

2026-06-14

NVD

CVE-2025-53243

EUVD

EUVD-2025-25997

Affected Vendors & Products

Vendor	Product	Version / Range
patchstack	employee_directory	*

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-502	The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Attack-Flow Graph

Impact Analysis

This vulnerability can have a severe impact, including unauthorized remote code execution, data manipulation, or denial of service. Because it allows object injection, an attacker could potentially take control of the affected system or disrupt its normal operation.

Executive Summary

This vulnerability is a Deserialization of Untrusted Data issue in the Employee Directory – Staff Listing & Team Directory Plugin for WordPress. It allows an attacker to perform Object Injection, which can lead to malicious code execution or other harmful actions by manipulating serialized data processed by the plugin.

Hi! I’m here to help you understand CVE-2025-53243. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2025-53243

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart