WordPress Plugin Vulnerabilities

Structured Content < 1.6 - Contributor+ Stored XSS

Description

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Affects Plugins

Plugin icon
structured-content
Fixed in 1.6

References

CVE
CVE-2023-49820
URL
https://patchstack.com/database/vulnerability/structured-content/wordpress-structured-content-json-ld-wpsc-plugin-1-5-3-cross-site-scripting-xss-vulnerability

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
LVT-tholv2k
Verified
No
WPVDB ID
5a618afa-01a6-4742-905f-4252e6b5c49e

Timeline

Publicly Published
2023-12-05 (about 2 years ago)
Added
2023-12-09 (about 2 years ago)
Last Updated
2024-01-08 (about 2 years ago)

Other

Published
Title
Published
2025-01-16
Title
Catch Duplicate Switcher <= 2.0 - Reflected Cross-Site Scripting
Published
2025-11-18
Title
Custom Admin Menu <= 1.0.0 - Reflected XSS
Published
2025-12-04
Title
Easy Jump Links Menus <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
Published
2019-05-02
Title
Advanced Woo Search < 1.70 - CSRF & XSS
Published
2024-08-12
Title
Flaming Forms <= 1.0.1 - Unauthenticated Stored XSS