3 matches found
CVE-2025-3414
The Structured Content JSON-LD wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress Structured Content plugin < 1.7.0 - Contributor Stored XSS vulnerability
Contributor Stored XSS vulnerability discovered by Krugov Aryom in WordPress Plugin Structured Content versions 1.7.0...
CVE-2025-3414
CVE-2025-3414 affects WordPress plugin Structured Content (JSON-LD) for the wpsc block, vulnerable before 1.7.0. The issue is that block options are not consistently validated/escaped before being output in a page/post where the block is embedded, enabling stored XSS by users with contributor rol...