cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forcampus-directory campus-directory

Direction: ascending
Jun 07, 2024

Faculty Staff and Student Directory Plugin – Campus Directory # 890da7ba0ff2207702edcd9bb2b04ccc2b0df31c

CVE, Research URL

890da7ba0ff2207702edcd9bb2b04ccc2b0df31c

Home page URL

Security reports for Faculty Staff and Student Directory Plugin – Campus Directory

Application

Faculty Staff and Student Directory Plugin – Campus Directory

Date
Apr 05, 2022
Research Description
Faculty Staff and Student Directory Plugin &#8211; Campus Directory [campus-directory] < 1.7.5 WordPress Campus Directory plugin <= 1.7.4 - Stored Cross-Site Scripting (XSS) vulnerability Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Campus Directory plugin (versions <= 1.7.4).
Affected versions
Min -, max -.
Status
vulnerable
Jun 05, 2025

Faculty Staff and Student Directory Plugin &#8211; Campus Directory # CVE-2025-5532

CVE, Research URL

CVE-2025-5532

Home page URL

Security reports for Faculty Staff and Student Directory Plugin &#8211; Campus Directory

Application

Faculty Staff and Student Directory Plugin &#8211; Campus Directory

Date
Jun 04, 2025
Research Description
The Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable