Faculty and Staff Directory Security & Risk Analysis

wordpress.org/plugins/faculty-and-staff-directory

A Faculty and Staff Directory listing for a college, university, or other school.

10 active installs · v1.51 · PHP + · WP 3.0.1+ · Updated Unknown
directory, faculty, staff, university
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Faculty and Staff Directory Safe to Use in 2026?

Generally Safe

Score 100/100

Faculty and Staff Directory has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The faculty-and-staff-directory plugin version 1.51 presents a mixed security posture. On the positive side, it uses prepared statements for all SQL queries and includes a nonce check. Its vulnerability history is clean, with no recorded CVEs, suggesting a potentially well-maintained codebase or a lack of past security scrutiny. However, the static analysis raises several concerns. The presence of `create_function`, a deprecated and often insecure PHP function, is a significant red flag. Furthermore, a very low percentage of output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities, especially since the plugin has at least one shortcode, which can be an entry point for user-supplied data to reach output functions. The absence of capability checks on its single entry point (the shortcode) also means any authenticated user could potentially use its functionality, even if they are not intended to.

Key Concerns

  • Use of deprecated and insecure create_function()
  • Low output escaping rate (12%)
  • Missing capability checks on entry point
Vulnerabilities
None known

Faculty and Staff Directory Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Faculty and Staff Directory Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 84 (11 escaped)
  • Nonce Checks: 1
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

create_function · faculty-staff-directory.php:388
`add_action('widgets_init', create_function('', 'return register_widget("fsdirectory_widget");'));`

Output Escaping

12% escaped · 95 total outputs
Attack Surface

Faculty and Staff Directory Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[fsdirectory] · faculty-staff-directory.php:332

WordPress Hooks: 18

action · admin_init · admin\facultystaff-admin.php:13
filter · plugin_action_links · admin\facultystaff-admin.php:15
action · admin_menu · admin\facultystaff-admin.php:25
action · wp_enqueue_scripts · display-templates\facstaff-template-dual.php:29
action · wp_enqueue_scripts · display-templates\facstaff-template-triple.php:29
action · wp_enqueue_scripts · display-templates\facstaff-template.php:29
action · admin_enqueue_scripts · faculty-staff-directory.php:33
action · init · faculty-staff-directory.php:66
action · init · faculty-staff-directory.php:96
action · template_redirect · faculty-staff-directory.php:99
filter · the_content · faculty-staff-directory.php:104
action · add_meta_boxes · faculty-staff-directory.php:135
filter · gettext · faculty-staff-directory.php:138
action · admin_init · faculty-staff-directory.php:145
action · save_post · faculty-staff-directory.php:265
filter · manage_facstaff_posts_columns · faculty-staff-directory.php:268
action · manage_facstaff_posts_custom_column · faculty-staff-directory.php:277
action · widgets_init · faculty-staff-directory.php:388
Maintenance & Trust

Faculty and Staff Directory Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.0.38
Last updated: Unknown
PHP min version
Downloads: 5K

Community Trust

Rating: 80/100
Number of ratings: 1
Active installs: 10
Developer Profile

Faculty and Staff Directory Developer Profile

John Cummings

3 plugins · 120 total installs

Trust score: 87
Avg Security Score: 90/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Faculty and Staff Directory

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/faculty-and-staff-directory/css/faculty-staff-styles.css

HTML / DOM Fingerprints

Data Attributes
name="facstafftitle", name="facstaffcompany", name="facstaffemail", name="facstafftwitter", name="facstafflinkedin", name="facstaffphone", +4 more