cleantalk
Vulnerabilities and Security Researches

Schema & Structured Data for WP & AMP, CVE-2025-14069

CVE, Research URL

CVE-2025-14069

Home page URL

Security reports for Schema & Structured Data for WP & AMP

Application

Schema & Structured Data for WP & AMP

Published on
Jan 23, 2026
Research Description
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saswp_custom_schema_field' profile field in all versions up to, and including, 1.54 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.54.1.
Status
vulnerable
Previous vulnerability researches
Schema & Structured Data for WP & AMP (CVE-2024-49683) , Oct 25, 2024
Schema & Structured Data for WP & AMP (CVE-2025-11502) , Nov 10, 2025
Schema & Structured Data for WP & AMP (CVE-2025-9512) , Oct 11, 2025
Schema & Structured Data for WP & AMP (CVE-2024-1586) , Jun 07, 2024
Schema & Structured Data for WP & AMP (CVE-2023-51677) , Jun 07, 2024
New vulnerability
The Ultimate Video Player For WordPress – by Presto Player (CVE-2026-9125) , Jun 12, 2026
Extra Fees Plugin for WooCommerce (CVE-2023-33999) , Jun 12, 2026
Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery (CVE-2023-33999) , Jun 12, 2026
Form Vibes – Database Manager for Forms (CVE-2023-33999) , Jun 12, 2026
FormsCRM (CVE-2023-33999) , Jun 12, 2026