CVE-2025-9512

Schema & Structured Data for WP & AMP < 1.50 - Unauthenticated Stored-XSS

Description

The Schema & Structured Data for WP & AMP WordPress plugin before 1.50 does not properly handles HTML tag attribute modifications, making it possible for unauthenticated attackers to conduct Stored XSS attacks via post comments.

INFO

Published Date :

2025-10-01T06:00:02.967Z

Last Modified :

2025-10-01T14:59:13.068Z

Source :

WPScan

AFFECTED PRODUCTS

The following products are affected by CVE-2025-9512 vulnerability.

Vendors	Products
Magazine3	Schema & Structured Data For Wp & Amp
Wordpress	Wordpress

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-9512.

URL	Resource
https://wpscan.com/vulnerability/e45d9335-3665-4155-abdf-9eeea250f1ba/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact