cleantalk
Vulnerabilities and Security Researches

Faculty Staff and Student Directory Plugin – Campus Directory, CVE-2025-8313

CVE, Research URL

CVE-2025-8313

Home page URL

Security reports for Faculty Staff and Student Directory Plugin – Campus Directory

Application

Faculty Staff and Student Directory Plugin – Campus Directory

Published on
Aug 05, 2025
Research Description
The Campus Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.9.2.
Status
vulnerable
Previous vulnerability researches
Backup Bolt (CVE-2023-7236) , Jun 10, 2024
Backup Bolt (bc0c1fa51c016cd29c9a4fcba7b97da23cfc4c93) , Jun 11, 2024
New vulnerability
Exclusive Addons for Elementor (CVE-2025-7498) , Aug 06, 2025
Advanced Custom Fields (ACF) (CVE-2012-10025) , Aug 06, 2025
Classified Listing – Classified ads & Business Directory Plugin (CVE-2025-54698) , Aug 06, 2025
Graphina – Elementor Charts and Graphs (CVE-2025-23968) , Aug 06, 2025
GiveWP – Donation Plugin and Fundraising Platform (CVE-2025-8620) , Aug 06, 2025