Schema & Structured Data For Wp & Amp
Approved changes feed: RSS · Atom
cpe:2.3:a:magazine3:schema_\&_structured_data_for_wp_\&_amp:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Magazine3 (7e4cb157-d360-562d-a694-e813be0c8ddb) |
|---|---|
| Product | Schema & Structured Data For Wp & Amp (12ddcb3a-78ec-5a42-82bb-3905c3082100) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-5582 |
vulnerable | 2026-06-08 06:56:16.613378 |
Schema & Structured Data for WP & AMP <= 1.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute
MEDIUM (6.4)
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and including, 1.33 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-07-17T07:32:19.774Z
Updated: 2026-04-08T17:14:35.592Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-22146 |
vulnerable | 2026-06-08 06:29:33.933869 |
WordPress Schema & Structured Data for WP & AMP Plugin <= 1.25 is vulnerable to Cross Site Scripting (XSS)
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25.
Published: 2024-01-31T18:24:18.049Z
Updated: 2026-04-28T16:09:08.787Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1586 |
vulnerable | 2026-06-08 06:27:13.646972 |
Schema & Structured Data for WP & AMP <= 1.26 - Authenticated (Custom) Stored Cross-Site Scripting
MEDIUM (6.4)
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default the required authentication level is admin, but administrators have the ability to assign role based access to users as low as subscriber.
Published: 2024-02-20T18:56:36.199Z
Updated: 2026-04-08T17:03:08.442Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1288 |
vulnerable | 2026-06-08 06:25:39.736572 |
Schema & Structured Data for WP & AMP <= 1.26 - Missing Authorization to reCaptcha Key Modification
MEDIUM (4.3)
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswp_reviews_form_render' function in all versions up to, and including, 1.26. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's stored reCaptcha site and secret keys, potentially breaking the reCaptcha functionality.
Published: 2024-02-20T18:56:39.988Z
Updated: 2026-04-08T17:14:47.213Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.