cleantalk
Vulnerabilities and Security Researches

Structured Content (JSON-LD) #wpsc, CVE-2025-0512

CVE, Research URL

CVE-2025-0512

Home page URL

Security reports for Structured Content (JSON-LD) #wpsc

Application

Structured Content (JSON-LD) #wpsc

Published on
Mar 04, 2025
Research Description
The Structured Content (JSON-LD) #wpsc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sc_fs_local_business shortcode in all versions up to, and including, 6.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.6.4.
Status
vulnerable
Previous vulnerability researches
Structured Content (JSON-LD) #wpsc (CVE-2025-30918) , Apr 03, 2025
Structured Content (JSON-LD) #wpsc (CVE-2025-0512) , Mar 05, 2025
Structured Content (JSON-LD) #wpsc (CVE-2024-43307) , Aug 20, 2024
Structured Content (JSON-LD) #wpsc (CVE-2023-49819) , Jun 07, 2024
Structured Content (JSON-LD) #wpsc (CVE-2023-49820) , Jun 07, 2024
New vulnerability
Woo Product Feed For Marketing Channels (CVE-2025-31377) , Apr 10, 2025
Easy custom css by webriti (CVE-2025-31395) , Apr 10, 2025
Checkout Mestres WP (CVE-2025-32695) , Apr 10, 2025
Request Call Back (CVE-2025-32483) , Apr 10, 2025
QR Master (CVE-2025-32116) , Apr 10, 2025