cleantalk
Vulnerabilities and Security Researches

Schema & Structured Data for WP & AMP, CVE-2025-11502

CVE, Research URL

CVE-2025-11502

Home page URL

Security reports for Schema & Structured Data for WP & AMP

Application

Schema & Structured Data for WP & AMP

Published on
Nov 01, 2025
Research Description
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'saswp_tiny_multiple_faq' shortcode in all versions up to, and including, 1.51 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.52.
Status
vulnerable
Previous vulnerability researches
Email Attachment by Order Status & Products (CVE-2025-49957) , Nov 10, 2025
New vulnerability
Theme Editor (CVE-2025-9890) , Nov 10, 2025
wpForo Forum (CVE-2025-4203) , Nov 10, 2025
wpForo Forum (CVE-2025-11740) , Nov 10, 2025
Estatik Real Estate Plugin (CVE-2025-62963) , Nov 10, 2025
Interactive Content – H5P (CVE-2025-62951) , Nov 10, 2025