CVE-2025-5532: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in emarket-design Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress
The Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Analysis
Technical Summary
CVE-2025-5532 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress developed by emarket-design. This vulnerability exists in all versions up to and including 1.9.0 of the plugin. The root cause is improper neutralization of input during web page generation, specifically insufficient input sanitization and output escaping on user-supplied attributes within the plugin's 'emd_mb_meta' shortcode. Authenticated attackers with contributor-level privileges or higher can exploit this flaw by injecting arbitrary malicious scripts into pages generated by the plugin. These scripts are stored persistently and executed whenever any user accesses the compromised page, potentially leading to session hijacking, privilege escalation, or other malicious activities. The vulnerability has a CVSS 3.1 base score of 6.4, indicating a medium severity level. The attack vector is network-based with low attack complexity, requiring privileges equivalent to contributor access but no user interaction is needed for exploitation. The scope is changed, meaning the vulnerability can affect resources beyond the initially compromised component. No known public exploits have been reported yet, and no patches are currently linked, which suggests that organizations using this plugin should prioritize mitigation steps promptly to prevent exploitation.
Potential Impact
For European organizations, especially educational institutions and universities that commonly use WordPress plugins like the Campus Directory for managing faculty, staff, and student information, this vulnerability poses a significant risk. Exploitation could lead to unauthorized script execution in the context of the affected websites, enabling attackers to steal session cookies, deface websites, redirect users to malicious sites, or perform actions on behalf of legitimate users. This can damage institutional reputation, lead to data breaches involving personal information of students and staff, and potentially disrupt critical academic services. Since the vulnerability requires contributor-level access, insider threats or compromised accounts could be leveraged to exploit this flaw. The persistent nature of stored XSS also increases the risk of widespread impact as multiple users accessing the infected pages can be affected. Given the widespread use of WordPress in Europe and the critical nature of educational portals, the impact could be substantial if not mitigated timely.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations to identify if the Campus Directory – Faculty, Staff & Student Directory Plugin by emarket-design is in use and verify the version. Until an official patch is released, organizations should consider the following specific mitigations: 1) Restrict contributor-level access strictly to trusted users and review user permissions to minimize the number of accounts with such privileges. 2) Implement Web Application Firewall (WAF) rules to detect and block suspicious input patterns related to the 'emd_mb_meta' shortcode parameters. 3) Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on affected pages. 4) Conduct regular security scanning and monitoring for anomalous activities or injected scripts within the WordPress environment. 5) Educate site administrators and contributors about the risks of injecting untrusted content and enforce strict content validation policies. 6) Monitor official vendor channels for patch releases and apply updates immediately once available. 7) Consider temporary disabling or removing the vulnerable plugin if feasible until a secure version is released.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Austria
CVE-2025-5532: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in emarket-design Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress
Description
The Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI-Powered Analysis
Technical Analysis
CVE-2025-5532 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress developed by emarket-design. This vulnerability exists in all versions up to and including 1.9.0 of the plugin. The root cause is improper neutralization of input during web page generation, specifically insufficient input sanitization and output escaping on user-supplied attributes within the plugin's 'emd_mb_meta' shortcode. Authenticated attackers with contributor-level privileges or higher can exploit this flaw by injecting arbitrary malicious scripts into pages generated by the plugin. These scripts are stored persistently and executed whenever any user accesses the compromised page, potentially leading to session hijacking, privilege escalation, or other malicious activities. The vulnerability has a CVSS 3.1 base score of 6.4, indicating a medium severity level. The attack vector is network-based with low attack complexity, requiring privileges equivalent to contributor access but no user interaction is needed for exploitation. The scope is changed, meaning the vulnerability can affect resources beyond the initially compromised component. No known public exploits have been reported yet, and no patches are currently linked, which suggests that organizations using this plugin should prioritize mitigation steps promptly to prevent exploitation.
Potential Impact
For European organizations, especially educational institutions and universities that commonly use WordPress plugins like the Campus Directory for managing faculty, staff, and student information, this vulnerability poses a significant risk. Exploitation could lead to unauthorized script execution in the context of the affected websites, enabling attackers to steal session cookies, deface websites, redirect users to malicious sites, or perform actions on behalf of legitimate users. This can damage institutional reputation, lead to data breaches involving personal information of students and staff, and potentially disrupt critical academic services. Since the vulnerability requires contributor-level access, insider threats or compromised accounts could be leveraged to exploit this flaw. The persistent nature of stored XSS also increases the risk of widespread impact as multiple users accessing the infected pages can be affected. Given the widespread use of WordPress in Europe and the critical nature of educational portals, the impact could be substantial if not mitigated timely.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations to identify if the Campus Directory – Faculty, Staff & Student Directory Plugin by emarket-design is in use and verify the version. Until an official patch is released, organizations should consider the following specific mitigations: 1) Restrict contributor-level access strictly to trusted users and review user permissions to minimize the number of accounts with such privileges. 2) Implement Web Application Firewall (WAF) rules to detect and block suspicious input patterns related to the 'emd_mb_meta' shortcode parameters. 3) Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on affected pages. 4) Conduct regular security scanning and monitoring for anomalous activities or injected scripts within the WordPress environment. 5) Educate site administrators and contributors about the risks of injecting untrusted content and enforce strict content validation policies. 6) Monitor official vendor channels for patch releases and apply updates immediately once available. 7) Consider temporary disabling or removing the vulnerable plugin if feasible until a secure version is released.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-06-03T14:57:17.755Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 683ffd67182aa0cae2a387ed
Added to database: 6/4/2025, 8:01:43 AM
Last enriched: 7/5/2025, 11:55:59 PM
Last updated: 8/3/2025, 2:19:56 AM
Views: 12
Related Threats
CVE-2025-55159: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer in tokio-rs slab
MediumCVE-2025-55161: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF
HighCVE-2025-25235: CWE-918 Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway
HighCVE-2025-55151: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF
HighCVE-2025-55150: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.