Medium severity5.3NVD Advisory· Published Nov 25, 2025· Updated Apr 15, 2026

CVE-2025-13414

Description

The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdash_watch_for_export() function in all versions up to, and including, 3.3.11. This makes it possible for unauthenticated attackers to export business directory information, including sensitive business details.

Affected products

WordPress/Chamber Dashboard Business Directoryinferred2 versions
<=3.3.11+ 1 more
- (no CPE)range: <=3.3.11
- (no CPE)range: <=3.3.11
Package: https://wordpress.org/plugins/chamber-dashboard-business-directory

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/browser/chamber-dashboard-business-directory/tags/3.3.11/options.phpnvd
plugins.trac.wordpress.org/browser/chamber-dashboard-business-directory/trunk/options.phpnvd
www.wordfence.com/threat-intel/vulnerabilities/id/1896885a-a104-464a-bb57-2c3c73ff9415nvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000