Vulnerabilities and security researches forschema-app-structured-data-for-schemaorg schema-app-structured-data-for-schemaorg

Dec 13, 2024

CVE, Research URL: CVE-2024-11279
Home page URL: Security reports for Schema App Structured Data
Application: Schema App Structured Data
Date: Dec 12, 2024
Research Description: The Schema App Structured Data plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Jun 16, 2024

CVE, Research URL: CVE-2024-0892
Home page URL: Security reports for Schema App Structured Data
Application: Schema App Structured Data
Date: Jun 14, 2024
Research Description: The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update and delete post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-44258
Home page URL: Security reports for Schema App Structured Data
Application: Schema App Structured Data
Date: Jan 02, 2025
Research Description: Missing Authorization vulnerability in Schema App Schema App Structured Data allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schema App Structured Data: from n/a through 1.23.1.
Affected versions: Min -, max -.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: CVE-2024-0893
Home page URL: Security reports for Schema App Structured Data
Application: Schema App Structured Data
Date: May 24, 2024
Research Description: The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update or delete post metadata.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: f7767594114ab4f30b2cf84528de542934d034ae
Home page URL: Security reports for Schema App Structured Data
Application: Schema App Structured Data
Date: Sep 27, 2023
Research Description: Schema App Structured Data [schema-app-structured-data-for-schemaorg] < 1.22.4 WordPress Schema App Structured Data Plugin <= 1.22.3 is vulnerable to Broken Access Control No patched version is available. No reply from the vendor. Rio Darmawan discovered and reported this Broken Access Control vulnerability in WordPress Schema App Structured Data Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action. This vulnerability has not been known to be fixed yet.
Affected versions: Min -, max -.
Status: vulnerable