Schema & Structured Data for WP & AMP

6.1 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

The Schema & Structured Data for WP & AMP WordPress plugin before 1.50 does not properly handles HTML tag attribute modifications, making it possible for unauthenticated attackers to conduct Stored XSS attacks via post comments.

Basic Information

ID CVE-2025-9512

Source WPScan

Published Oct 1, 2025 at 06:00

Modified Oct 1, 2025 at 14:59

Affected Product

Vendor Unknown

Product Schema & Structured Data for WP & AMP

Affected Versions Unknown Schema & Structured Data for WP & AMP 0

CWE Classification

References

wpscan.com /vulnerability/e45d9335-3665-4155-abdf-9eeea250f1ba/

{
    "lastseen": "",
    "description": "The Schema & Structured Data for WP & AMP WordPress plugin before 1.50 does not properly handles HTML tag attribute modifications, making it possible for unauthenticated attackers to conduct Stored XSS attacks via post comments.",
    "published": "2025-10-01T06:00:02.967Z",
    "modified": "2025-10-01T14:59:13.068Z",
    "type": "cve",
    "title": "Schema & Structured Data for WP & AMP < 1.50 - Unauthenticated Stored-XSS",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/e45d9335-3665-4155-abdf-9eeea250f1ba/",
    "id": "CVE-2025-9512",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown Schema & Structured Data for WP & AMP 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Schema & Structured Data for WP & AMP",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Schema & Structured Data for WP & AMP < 1.50 - Unauthenticated Stored-XSS_CVE-2025-9512