Stored Cross-Site Scripting Vulnerability in WP SEO Structured Data Schema Plugin for WordPress
CVE-2025-4127

5.4MEDIUM

Key Information:

Vendor

WordPress
Status
WP Seo Structured Data Schema
Vendor
CVE Published:
8 May 2025

What is CVE-2025-4127?

The WP SEO Structured Data Schema plugin for WordPress is prone to a Stored Cross-Site Scripting vulnerability that allows authenticated attackers with Contributor-level access or higher to exploit the ā€˜Price Rangeā€™ parameter. This occurs due to insufficient input sanitization and output escaping, enabling attackers to inject arbitrary web scripts that will be executed whenever an administrator interacts with the plugin settings page. This vulnerability can lead to unauthorized access and actions, potentially compromising the security of the WordPress website.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WP SEO Structured Data Schema * <= 2.7.11

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/wp-seo-structu...
https://plugins.trac.wordpress.org/changeset/3289009/wp-s...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jƶrg SteinstrƤter
JSON
.