Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress Security & Risk Analysis

wordpress.org/plugins/campus-directory

Create a responsive, searchable directory for faculty, staff, or students—perfect for schools, colleges, and universities using WordPress.

90 active installs · v1.9.3 · PHP + WP 4.5+ · Updated Aug 19, 2025
Tags: campus-directory, faculty-directory, searchable-directory, staff-directory, student-directory
Score: 97 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Aug 4, 2025
Safety Verdict

Is Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress Safe to Use in 2026?

Generally Safe

Score 97/100

Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEs · Last CVE: Aug 4, 2025 · Updated 9mo ago
Risk Assessment

The "campus-directory" plugin v1.9.3 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by consistently using prepared statements for all SQL queries, performing a high percentage of output escaping (82%), and implementing a substantial number of nonce and capability checks (25 and 23 respectively). The absence of currently unpatched CVEs and no critical or high severity vulnerabilities in its history are also encouraging signs.

However, several areas raise concerns. The presence of 7 AJAX handlers without authentication checks represents a significant attack surface, especially when combined with 2 flows identified as high severity in the taint analysis. The use of the `preg_replace` function with the `/e` modifier is a known risk for introducing code execution vulnerabilities, and although no critical issues were found related to it, its presence warrants caution. The plugin also bundles an outdated version of Select2 (v3.2), which may itself contain unpatched vulnerabilities.

Overall, while the plugin has strengths in core security practices like SQL handling and output sanitization, the unprotected AJAX endpoints, identified high-severity taint flows, and the presence of the dangerous `preg_replace` function are notable weaknesses. The historical pattern of medium severity Cross-site Scripting (XSS) vulnerabilities, although currently patched, suggests a potential for such issues if input validation and sanitization aren't meticulously maintained.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Dangerous function: preg_replace(/e)
  • Bundled outdated library: Select2 v3.2
Vulnerabilities
3 published

Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress Security Vulnerabilities

CVEs by Year

  • 2022: 1 CVE
  • 2025: 2 CVEs

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-8313 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Campus Directory <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter

Aug 4, 2025 · Patched in 1.9.2 (1d)

CVE-2025-5532 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Faculty Staff and Student Directory Plugin – Campus Directory <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 3, 2025 · Patched in 1.9.1 (57d)

WF-438bbd0f-5204-4a71-9730-efa51d864832-campus-directory · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Faculty Staff and Student Directory Plugin – Campus Directory <= 1.7.4 - Authenticated Stored Cross-Site Scripting

Apr 5, 2022 · Patched in 1.7.5 (658d)

Code Analysis
Analyzed Mar 16, 2026

Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 0 (22 prepared)
  • Unescaped Output: 327 (1495 escaped)
  • Nonce Checks: 25
  • Capability Checks: 23
  • File Operations: 2
  • External Requests: 2
  • Bundled Libraries: 1

Dangerous Functions Found

  • preg_replace(/e) · `preg_replace('/e` · includes\emd-form-builder-lite\emd-form-functions.php:495
  • preg_replace(/e) · `preg_replace('/e` · includes\emd-form-builder-lite\emd-form-functions.php:516

Bundled Libraries

  • Select2 3.2

SQL Query Safety

100% prepared · 22 total queries

Output Escaping

82% escaped · 1822 total outputs

Data Flows · Security
7 unsanitized

Data Flow Analysis

15 flows · 7 with unsanitized paths
emd_form_builder_lite_get_field (includes\emd-form-builder-lite\emd-form-builder.php:831)
Attack Surface
7 unprotected

Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress Attack Surface

Entry Points: 29
Unprotected: 7

AJAX Handlers 27

  • auth · wp_ajax_emd_insert_new_shc · includes\admin\shortcode-list-functions.php:72
  • auth · wp_ajax_emd_load_file · includes\class-install-deactivate.php:54
  • nopriv · wp_ajax_emd_load_file · includes\class-install-deactivate.php:55
  • auth · wp_ajax_emd_delete_file · includes\class-install-deactivate.php:56
  • nopriv · wp_ajax_emd_delete_file · includes\class-install-deactivate.php:57
  • auth · wp_ajax_emd_check_userEmail · includes\common-functions.php:541
  • auth · wp_ajax_emd_check_unique · includes\common-functions.php:570
  • auth · wp_ajax_emd_form_builder_lite_get_field · includes\emd-form-builder-lite\emd-form-builder.php:830
  • auth · wp_ajax_emd_form_builder_lite_get_page · includes\emd-form-builder-lite\emd-form-builder.php:1192
  • auth · wp_ajax_emd_form_builder_lite_get_row · includes\emd-form-builder-lite\emd-form-builder.php:1245
  • auth · wp_ajax_emd_form_builder_lite_save_form · includes\emd-form-builder-lite\emd-form-builder.php:1272
  • auth · wp_ajax_emd_form_builder_lite_get_hr · includes\emd-form-builder-lite\emd-form-builder.php:1391
  • auth · wp_ajax_emd_form_builder_lite_get_html · includes\emd-form-builder-lite\emd-form-builder.php:1411
  • auth · wp_ajax_emd_formb_lite_submit_ajax_form · includes\emd-form-builder-lite\emd-form-frontend.php:9
  • nopriv · wp_ajax_emd_formb_lite_submit_ajax_form · includes\emd-form-builder-lite\emd-form-frontend.php:10
  • nopriv · wp_ajax_emd_check_userEmail · includes\emd-form-builder-lite\emd-form-frontend.php:11
  • nopriv · wp_ajax_emd_check_unique · includes\emd-form-builder-lite\emd-form-frontend.php:12
  • nopriv · wp_ajax_emd_lite_process_login · includes\emd-form-builder-lite\emd-form-frontend.php:1931
  • auth · wp_ajax_emd_lite_process_login · includes\emd-form-builder-lite\emd-form-frontend.php:1932
  • nopriv · wp_ajax_emd_lite_verify_registration · includes\emd-form-builder-lite\emd-form-frontend.php:2019
  • auth · wp_ajax_emd_lite_verify_registration · includes\emd-form-builder-lite\emd-form-frontend.php:2020
  • auth · wp_ajax_emd_form_builder_lite_pagenum · includes\emd-form-builder-lite\emd-form-functions.php:1091
  • nopriv · wp_ajax_emd_form_builder_lite_pagenum · includes\emd-form-builder-lite\emd-form-functions.php:1092
  • nopriv · wp_ajax_emd_verify_email · includes\login-register-functions.php:106
  • auth · wp_ajax_emd_verify_email · includes\login-register-functions.php:107
  • auth · wp_ajax_campus_directory_send_deactivate_reason · includes\plugin-feedback-functions.php:11
  • auth · wp_ajax_campus_directory_show_rateme · includes\plugin-feedback-functions.php:16

Shortcodes 2

[emd_form] includes\emd-form-builder-lite\emd-form-frontend.php:400
[people_grid] includes\entities\emd-person-shortcodes.php:56
WordPress Hooks 81
  • filter · the_content · campus-directory.php:58
  • action · admin_menu · campus-directory.php:62
  • filter · template_include · campus-directory.php:66
  • action · campus_directory_getting_started · includes\admin\getting-started.php:9
  • action · campus_directory_settings_glossary · includes\admin\glossary.php:9
  • action · emd_ext_register · includes\admin\settings-functions-globs.php:11
  • filter · emd_add_settings_tab · includes\admin\settings-functions-globs.php:12
  • action · emd_show_settings_tab · includes\admin\settings-functions-globs.php:13
  • action · emd_ext_register · includes\admin\settings-functions-misc.php:11
  • filter · emd_add_settings_tab · includes\admin\settings-functions-misc.php:12
  • action · emd_show_settings_tab · includes\admin\settings-functions-misc.php:13
  • action · emd_ext_register · includes\admin\settings-functions.php:11
  • action · emd_show_settings_page · includes\admin\settings-functions.php:12
  • action · emd_show_shortcodes_page · includes\admin\shortcode-list-functions.php:4
  • action · emd_create_shc_with_filters · includes\admin\shortcode-list-functions.php:53
  • filter · media_buttons · includes\admin\wpas-btn-functions.php:10
  • action · admin_footer · includes\admin\wpas-btn-functions.php:11
  • filter · kses_allowed_protocols · includes\admin\wpas-btn-functions.php:222
  • filter · posts_where · includes\class-emd-query.php:91
  • filter · posts_join · includes\class-emd-query.php:94
  • filter · emd_wp_session_cookie_secure · includes\class-emd-session.php:59
  • filter · emd_wp_session_cookie_httponly · includes\class-emd-session.php:60
  • filter · emd_wp_session_delete_batch_size · includes\class-emd-session.php:61
  • action · admin_init · includes\class-install-deactivate.php:21
  • action · wp_head · includes\class-install-deactivate.php:33
  • action · admin_init · includes\class-install-deactivate.php:37
  • action · admin_notices · includes\class-install-deactivate.php:41
  • action · admin_init · includes\class-install-deactivate.php:45
  • action · before_delete_post · includes\class-install-deactivate.php:49
  • filter · get_media_item_args · includes\class-install-deactivate.php:53
  • action · init · includes\class-install-deactivate.php:58
  • filter · tiny_mce_before_init · includes\class-install-deactivate.php:63
  • action · emd_ext_set_conf · includes\emd-form-builder-lite\emd-form-builder.php:12
  • action · emd_ext_init · includes\emd-form-builder-lite\emd-form-builder.php:22
  • filter · posts_where · includes\emd-form-builder-lite\emd-form-builder.php:48
  • action · emd_ext_admin_enq · includes\emd-form-builder-lite\emd-form-builder.php:50
  • action · emd_show_forms_lite_page · includes\emd-form-builder-lite\emd-form-builder.php:282
  • action · init · includes\emd-form-builder-lite\emd-form-frontend.php:44
  • filter · emd_ext_parse_tags · includes\emd-form-builder-lite\emd-form-functions.php:775
  • action · init · includes\emd-form-builder-lite\emd-form-functions.php:801
  • filter · kses_allowed_protocols · includes\emd-form-builder-lite\emd-form-functions.php:1169
  • action · emd_ext_register · includes\emd-form-builder-lite\settings-functions-login.php:12
  • filter · emd_add_settings_tab · includes\emd-form-builder-lite\settings-functions-login.php:13
  • action · emd_show_settings_tab · includes\emd-form-builder-lite\settings-functions-login.php:14
  • action · emd_ext_admin_enq · includes\emd-lite\emd-lite.php:8
  • filter · emd_lite_modal · includes\emd-lite\emd-lite.php:26
  • action · save_post · includes\entities\class-emd-entity.php:96
  • action · save_post · includes\entities\class-emd-entity.php:133
  • action · init · includes\entities\class-emd-person.php:27
  • action · admin_init · includes\entities\class-emd-person.php:31
  • action · save_post · includes\entities\class-emd-person.php:35
  • filter · post_updated_messages · includes\entities\class-emd-person.php:39
  • action · admin_menu · includes\entities\class-emd-person.php:43
  • action · admin_head-edit.php · includes\entities\class-emd-person.php:47
  • action · manage_emd_person_posts_custom_column · includes\entities\class-emd-person.php:53
  • filter · manage_emd_person_posts_columns · includes\entities\class-emd-person.php:57
  • filter · post_row_actions · includes\entities\class-emd-person.php:62
  • action · admin_action_emd_duplicate_entity · includes\entities\class-emd-person.php:66
  • action · admin_notices · includes\entities\class-emd-person.php:601
  • filter · the_title · includes\entities\class-emd-person.php:702
  • action · wp_footer · includes\entities\emd-person-shortcodes.php:62
  • filter · widget_text · includes\entities\emd-person-shortcodes.php:118
  • filter · widget_text · includes\entities\emd-person-shortcodes.php:119
  • filter · emd_show_temp_sidebar · includes\layout-functions.php:166
  • action · emd_sidebar · includes\layout-functions.php:196
  • action · widgets_init · includes\layout-functions.php:213
  • filter · emd_show_temp_navigation · includes\layout-functions.php:290
  • filter · emd_show_single_edit_link · includes\layout-functions.php:320
  • filter · emd_change_container · includes\layout-functions.php:332
  • filter · emd_get_login_register_option_for_views · includes\login-register-functions.php:8
  • action · emd_show_login_register_forms · includes\login-register-functions.php:22
  • action · emd_ext_set_conf · includes\plugin-app-functions.php:8
  • action · emd_ext_reset_conf · includes\plugin-app-functions.php:9
  • filter · plugin_row_meta · includes\plugin-feedback-functions.php:9
  • filter · plugin_action_links · includes\plugin-feedback-functions.php:10
  • action · admin_footer · includes\plugin-feedback-functions.php:14
  • action · admin_notices · includes\plugin-feedback-functions.php:17
  • action · admin_post_campus-directory_check_optin · includes\plugin-feedback-functions.php:18
  • action · admin_enqueue_scripts · includes\scripts.php:9
  • action · wp_enqueue_scripts · includes\scripts.php:134
  • action · admin_print_footer_scripts · includes\scripts.php:269
Maintenance & Trust

Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Aug 19, 2025
  • PHP min version
  • Downloads: 14K

Community Trust

  • Rating: 60/100
  • Number of ratings: 2
  • Active installs: 90
Developer Profile

Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress Developer Profile

emarket-design

10 plugins · 4K total installs

  • Trust score: 74
  • Avg Security Score: 93/100
  • Avg Patch Time: 247 days
Detection Fingerprints

How We Detect Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/campus-directory/assets/css/campus-directory.css
  • /wp-content/plugins/campus-directory/assets/js/campus-directory.js
  • /wp-content/plugins/campus-directory/assets/js/emd-autocomplete.js
  • /wp-content/plugins/campus-directory/assets/js/jquery.fancybox.pack.js
  • /wp-content/plugins/campus-directory/assets/js/jquery.isotope.min.js
  • /wp-content/plugins/campus-directory/assets/js/jquery.multiselect.js
  • /wp-content/plugins/campus-directory/assets/js/masonry.pkgd.min.js
  • /wp-content/plugins/campus-directory/assets/js/owl.carousel.min.js
  • +2 more

Script Paths

  • /wp-content/plugins/campus-directory/assets/js/campus-directory.js
  • /wp-content/plugins/campus-directory/assets/js/emd-autocomplete.js
  • /wp-content/plugins/campus-directory/assets/js/jquery.fancybox.pack.js
  • /wp-content/plugins/campus-directory/assets/js/jquery.isotope.min.js
  • /wp-content/plugins/campus-directory/assets/js/jquery.multiselect.js
  • /wp-content/plugins/campus-directory/assets/js/masonry.pkgd.min.js
  • +3 more

Version Parameters

  • campus-directory/assets/css/campus-directory.css?ver=
  • campus-directory/assets/js/campus-directory.js?ver=
  • campus-directory/assets/js/emd-autocomplete.js?ver=
  • campus-directory/assets/js/jquery.fancybox.pack.js?ver=
  • campus-directory/assets/js/jquery.isotope.min.js?ver=
  • campus-directory/assets/js/jquery.multiselect.js?ver=
  • campus-directory/assets/js/masonry.pkgd.min.js?ver=
  • campus-directory/assets/js/owl.carousel.min.js?ver=
  • campus-directory/assets/js/parsley.min.js?ver=
  • campus-directory/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • emd-person-wrap
  • emd-person-content
  • emd-person-thumb
  • emd-person-contact
  • emd-person-details
  • emd-person-wrapper
  • emd_single_person
  • emd_persons_list
  • +1 more

HTML Comments

  • <!-- Plugin specific -->
  • <!-- EMD Plugin: Campus Directory -->
  • <!-- END EMD Plugin: Campus Directory -->

Data Attributes

  • data-emd-id
  • data-emd-type
  • data-filter-group
  • data-layout
  • data-filter
  • data-filter-tag

JS Globals

  • campus_directory_params

REST Endpoints

  • /wp-json/campus-directory/v1/people
  • /wp-json/campus-directory/v1/departments

Shortcode Output

  • <div class="emd_persons_list">
  • <div class="emd_single_person">