cleantalk
Vulnerabilities and Security Researches

Structured Content (JSON-LD) #wpsc, CVE-2022-4715

CVE, Research URL

CVE-2022-4715

Home page URL

Security reports for Structured Content (JSON-LD) #wpsc

Application

Structured Content (JSON-LD) #wpsc

Published on
Jan 23, 2023
Research Description
The Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Affected versions
Min -, max 1.5.1.
Status
vulnerable
Previous vulnerability researches
Structured Content (JSON-LD) #wpsc (CVE-2025-30918) , Apr 03, 2025
Structured Content (JSON-LD) #wpsc (CVE-2025-0512) , Mar 05, 2025
Structured Content (JSON-LD) #wpsc (CVE-2024-43307) , Aug 20, 2024
Structured Content (JSON-LD) #wpsc (CVE-2023-49819) , Jun 07, 2024
Structured Content (JSON-LD) #wpsc (CVE-2023-49820) , Jun 07, 2024
New vulnerability
Woo Product Feed For Marketing Channels (CVE-2025-31377) , Apr 10, 2025
Easy custom css by webriti (CVE-2025-31395) , Apr 10, 2025
Checkout Mestres WP (CVE-2025-32695) , Apr 10, 2025
Request Call Back (CVE-2025-32483) , Apr 10, 2025
QR Master (CVE-2025-32116) , Apr 10, 2025