← Zuruck zu CVEs
CVE-2025-9512
MEDIUM6.1
Beschreibung
The Schema & Structured Data for WP & AMP WordPress plugin before 1.50 does not properly handles HTML tag attribute modifications, making it possible for unauthenticated attackers to conduct Stored XSS attacks via post comments.
CVE Details
CVSS v3.1 Bewertung6.1
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht10/1/2025
Zuletzt geandert10/2/2025
Quellenvd
Honeypot-Sichtungen0
Referenzen
https://wpscan.com/vulnerability/e45d9335-3665-4155-abdf-9eeea250f1ba/(contact@wpscan.com)
https://wpscan.com/vulnerability/e45d9335-3665-4155-abdf-9eeea250f1ba/(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.