3 matches found
CVE-2024-1586
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject...
CVE-2024-3491 Schema & Structured Data for WP & AMP <= 1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via How To and FAQ Blocks
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "How To" and "FAQ" Blocks in all versions up to, and including, 1.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-1288
CVE-2024-1288 affects the Schema & Structured Data for WP & AMP WordPress plugin. The vulnerability is due to a missing capability check in the saswp_reviews_form_render function, allowing authenticated attackers with Contributor+ access to modify stored reCaptcha site/secret keys, potentially br...