WordPress Schema & Structured Data for WP & AMP plugin < 1.60 - Unauthenticated Arbitrary Media Upload vulnerability

Unauthenticated Arbitrary Media Upload vulnerability discovered by 0xBassia in WordPress Plugin Schema & Structured Data for WP & AMP versions 1.60...

Exploit for CVE-2026-9067

POC & Xploit - Proof of Concept Directory Dokumentasi dan exp...

CVE-2026-9067 Schema & Structured Data for WP & AMP < 1.60 - Unauthenticated Arbitrary Media Upload

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...

WordPress plugin Schema and Structured Data for WP and AMP 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2025-14069

This CVE (CVE-2025-14069) affects Schema & Structured Data for WP & AMP (WordPress) up to version 1.54, via Stored Cross-Site Scripting in the saswp_custom_schema_field. Affected actor must have Contributor+ rights; exploitation would run scripts on pages when viewed by users. The Wordfence entry...

WordPress Plugin: Schema & Structured Data for WP & AMP – Cross-Browser Script Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

EUVD-2024-43539

Malicious code in bioql PyPI...

CVE-2025-9512

The Schema & Structured Data for WP & AMP WordPress plugin before 1.50 does not properly handles HTML tag attribute modifications, making it possible for unauthenticated attackers to conduct Stored XSS attacks via post comments...

CVE-2025-9512 Schema & Structured Data for WP & AMP < 1.50 - Unauthenticated Stored-XSS

The Schema & Structured Data for WP & AMP WordPress plugin before 1.50 does not properly handles HTML tag attribute modifications, making it possible for unauthenticated attackers to conduct Stored XSS attacks via post comments...

CVE-2025-9512 Schema & Structured Data for WP & AMP < 1.50 - Unauthenticated Stored-XSS

The Schema & Structured Data for WP & AMP WordPress plugin before 1.50 does not properly handles HTML tag attribute modifications, making it possible for unauthenticated attackers to conduct Stored XSS attacks via post comments...

CVE-2025-9512

CVE-2025-9512 affects the WordPress plugin Schema & Structured Data for WP & AMP prior to version 1.50. The vulnerability is an unauthenticated stored XSS caused by incorrect handling of HTML tag attribute modifications in post comments, enabling an attacker to inject scripts that run in other us...

CVE-2024-49683 WordPress Schema & Structured Data for WP & AMP plugin <= 1.3.5 - Sensitive Data Exposure vulnerability

Missing Authorization vulnerability in Magazine3 Schema & Structured Data for WP & AMP schema-and-structured-data-for-wp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Schema & Structured Data for WP & AMP: from n/a through = 1.3.5...

WordPress Schema & Structured Data for WP & AMP plugin <= 1.3.5 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Schema & Structured Data for WP & AMP versions = 1.3.5...

CVE-2024-5582 Schema & Structured Data for WP & AMP <= 1.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and including, 1.33 due to insufficient input sanitization and output escaping on user supplied attribute...

CVE-2024-3491

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "How To" and "FAQ" Blocks in all versions up to, and including, 1.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-3491 Schema & Structured Data for WP & AMP <= 1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via How To and FAQ Blocks

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "How To" and "FAQ" Blocks in all versions up to, and including, 1.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-3491

CVE-2024-3491 concerns the Schema & Structured Data for WP & AMP plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) in the plugin’s How To and FAQ blocks, affecting all versions up to 1.29. It stems from insufficient input sanitization and output escaping on user-suppl...

Schema & Structured Data for WP & AMP < 1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via How To and FAQ Blocks

Description The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "How To" and "FAQ" Blocks in all versions up to, and including, 1.29 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

CVE-2024-1586

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject...

CVE-2024-1586

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject...