6 matches found
WordPress Structured Content (JSON-LD) #wpsc plugin <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_fs_local_business Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via scfslocalbusiness Shortcode vulnerability discovered by shaman0x01 - Shaman Red Team in WordPress Plugin Structured Content versions = 1.6.3...
CVE-2025-3414
The Structured Content JSON-LD wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress Structured Content Plugin <= 1.6.2 is vulnerable to Cross Site Scripting (XSS)
Software Structured Content Type Plugin Vulnerable versions = 1.6.2 Fixed in 1.6.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43307 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID df5a04e07bd7 Credits Michael Required privilege...
WordPress Structured Content Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)
Software Structured Content Type Plugin Vulnerable versions = 1.6.1 Fixed in 1.6.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-24839 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 74b9c66453a9 Credits LVT-tholv2k Required privilege...
WordPress Structured Content Plugin <= 1.5.3 is vulnerable to PHP Object Injection
Software Structured Content Type Plugin Vulnerable versions = 1.5.3 Fixed in 1.6 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-49819 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID bffa4eda39b1 Credits LVT-tholv2k Required privilege Contributo...
WordPress Structured Content Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)
Software Structured Content Type Plugin Vulnerable versions = 1.5.3 Fixed in 1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49820 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4db95a68f57c Credits LVT-tholv2k Required privilege...