3 matches found
CVE-2025-8313
CVE-2025-8313 affects the Campus Directory plugin for WordPress. A Stored Cross-Site Scripting flaw exists via the noaccess_msg parameter in all versions up to 1.9.1. Exploitation requires Contributor+ authentication, with scripts executed when an injected page is viewed. Mitigation: update to a ...
CVE-2025-8313 Campus Directory <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter
The Campus Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccessmsg’ parameter in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
WordPress Campus Directory plugin <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via noaccessmsg Parameter vulnerability discovered by muhammad yudha in WordPress Plugin Campus Directory versions = 1.9.1...