cleantalk
Vulnerabilities and Security Researches

Faculty Staff and Student Directory Plugin – Campus Directory, CVE-2025-8313

CVE, Research URL

CVE-2025-8313

Home page URL

Security reports for Faculty Staff and Student Directory Plugin – Campus Directory

Application

Faculty Staff and Student Directory Plugin – Campus Directory

Published on
Aug 05, 2025
Research Description
The Campus Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.9.2.
Status
vulnerable
Previous vulnerability researches
Ultimate Classified Listings (CVE-2024-52487) , Nov 23, 2024
Ultimate Classified Listings (CVE-2024-52448) , Nov 22, 2024
Ultimate Classified Listings (CVE-2024-13753) , Feb 22, 2025
Ultimate Classified Listings (CVE-2024-13748) , Feb 22, 2025
Ultimate Classified Listings (CVE-2024-5882) , Jul 17, 2024
New vulnerability
Faculty Staff and Student Directory Plugin – Campus Directory (CVE-2025-8313) , Aug 06, 2025
Chartify – WordPress Chart Plugin (CVE-2025-54673) , Aug 05, 2025
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2025-54017) , Aug 05, 2025
Motors – Car Dealer, Classifieds & Listing (CVE-2025-54691) , Aug 05, 2025
Ebook Store (CVE-2025-54702) , Aug 05, 2025