Review Schema – Review & Structure Data Schema Plugin < 2.2.7 – Authenticated (Subscriber+) Information Exposure | CVE 2026-25344 | Plugin Vulnerabilities

Description

The Review Schema – Review & Structure Data Schema Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data.

Affects Plugins

Fixed in 2.2.7

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/05379fe4-4924-4978-ad3f-a6208eee9d81

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Doan Dinh Van (DinhVan52)

Verified

No

WPVDB ID

548a4da5-96af-4a86-a268-554f54e55c70

Timeline

Publicly Published

2026-03-23 (about 3 months ago)

Added

2026-04-02 (about 2 months ago)

Last Updated

2026-04-02 (about 2 months ago)

Other

Published

Title

Published

2025-12-31

Title

Direct Payments WP <= 1.3.0 - Authenticated (Subscriber+) Sensitive Information Exposure

Published

2024-08-12

Title

Bit Form Pro < 2.8.0 - Authenticated (Subscriber+) Sensitive Information Exposure

Published

2024-04-03

Title

Beaver Themer < 1.4.9.1 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode

Published

2026-01-27

Title

WP Adminify < 4.0.7.8 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API

Published

2025-01-13

Title

WebToffee WP Backup and Migration < 1.5.4 - Unauthenticated Sensitive Information Exposure