CVE-2026-1575

The Schema Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's itemscope shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2026-1575

The Schema Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's itemscope shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2026-1575 Schema Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Schema Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's itemscope shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2026-1575

The CVE-2026-1575 entry refers to the WordPress Schema Shortcode plugin vulnerability: a Stored Cross-Site Scripting issue in the plugin’s itemscope shortcode, affecting all versions up to 1.0. Root cause: insufficient input sanitization and output escaping on user-provided attributes, enabling a...

PT-2026-26812

The Schema Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's itemscope shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...