cleantalk
Vulnerabilities and Security Researches

Schema & Structured Data for WP & AMP, CVE-2026-9067

CVE, Research URL

CVE-2026-9067

Home page URL

Security reports for Schema & Structured Data for WP & AMP

Application

Schema & Structured Data for WP & AMP

Published on
Jun 10, 2026
Research Description
The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any file type accepted by WordPress's media library through endpoints that should only accept images or videos.
Affected versions
max 1.60.
Status
vulnerable
Previous vulnerability researches
Remove Duplicate Posts (1f5faa66dc6d492718ce5db9c3895b5840416340) , Jun 07, 2024
Remove Duplicate Posts (CVE-2023-29237) , Jun 10, 2024
New vulnerability
WPZOOM Portfolio (CVE-2026-49069) , Jun 12, 2026
wpForo Forum (CVE-2026-49767) , Jun 12, 2026
Easy Image Collage (CVE-2026-9019) , Jun 12, 2026
Stop WP Emails Going to Spam (CVE-2023-33999) , Jun 12, 2026
Duplicate Post (CVE-2026-53738) , Jun 12, 2026