Object Instantiation Vulnerability in Schema Plugin for WordPress
CVE-2025-7825

6.3MEDIUM

Key Information:

Vendor: WordPress
Status: Schema Plugin For Divi, Gutenberg & Shortcodes
Vendor: CVE Published:; 3 October 2025

What is CVE-2025-7825?

The Schema Plugin For Divi, Gutenberg & Shortcodes is susceptible to a vulnerability that allows authenticated users with Contributor-level access or higher to exploit object instantiation through the deserialization of untrusted input in the wpt_schema_breadcrumbs shortcode. This could lead to potential PHP object injection attacks. Notably, the impact of this vulnerability depends on the presence of a payloads chain in other plugins or themes. If such a payloads chain exists, attackers could perform malicious actions, including deleting files, accessing sensitive information, or executing arbitrary code.

Affected Version(s)

Schema Plugin For Divi, Gutenberg & Shortcodes * <= 4.3.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/wp-structured-data-schema/

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2025
Vulnerability Reserved
Jul 18, 2025

Credit

ch4r0n

JSON