2 matches found
CVE-2025-14069 Schema & Structured Data for WP & AMP <= 1.54 - Authenticated (Contributor+) Stored Cross-Site Scripting via User Custom Schema
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saswpcustomschemafield' profile field in all versions up to, and including, 1.54 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
WordPress Schema & Structured Data for WP & AMP plugin <= 1.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via url Attribute vulnerability discovered by wesley wcraft in WordPress Plugin Schema & Structured Data for WP & AMP versions = 1.33...