Faculty Staff and Student Directory Plugin

CVE Details

Basic Information

Title	Faculty Staff and Student Directory Plugin – Campus Directory <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Type	cve
Published	2025-06-04T03:40:58.751Z
Last Seen

Product Information

Vendor	emarket-design
Product	Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress
Version	*

CVSS Information

Base Score	6.4 (MEDIUM)
Attack Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description	The Campus Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the ’emd_mb_meta’ shortcode, allowing authenticated attackers with contributor-level access or higher to inject malicious scripts. This vulnerability affects all versions up to and including 1.9.0.
AI Severity	Medium
Vendor	emarket-design
Product	Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress
Affected Version	1.9.0 and earlier

Additional Information

CVE List
CWE List	CWE-79
Bulletin Family
Source Data	emarket-design Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress *

Source Information

Source Data	emarket-design Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress *
Source Link

Description

The Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ’emd_mb_meta’ shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS Score Summary

Base Score: 6.4 (MEDIUM)

View Full CVE Details