WordPress Plugin Vulnerabilities

Schema App Structured Data < 1.22.4 - Missing Authorization via page_init

Description

The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the page_init function in versions up to, and including, 1.22.3. This makes it possible for unauthenticated attackers to delete the plugin's transients.

Affects Plugins

Plugin icon
schema-app-structured-data-for-schemaorg
Fixed in 1.22.4

References

CVE
CVE-2023-44258
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/3de82328-e44f-4488-a2ae-1dd2c3b8a502

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Rio Darmawan
Verified
No
WPVDB ID
035e5c75-2e24-4c4f-a8da-195908b20383

Timeline

Publicly Published
2023-09-27 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2023-12-26 (about 2 years ago)

Other

Published
Title
Published
2024-04-05
Title
Wholesale For WooCommerce < 2.3.1 - Unauthenticated Arbitrary Post Deletion
Published
2024-04-01
Title
Product Sort and Display for WooCommerce < 2.4.2 - Missing Authorization
Published
2026-03-10
Title
News Magazine X < 1.2.51 - Missing Authorization
Published
2026-01-14
Title
Simple GDPR Cookie Compliance < 2.0.1 - Missing Authorization
Published
2025-12-20
Title
Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX < 5.0.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure