Search criteria
6 vulnerabilities found for schema_app_structured_data by schemaapp
CVE-2023-44258 (GCVE-0-2023-44258)
Vulnerability from nvd – Published: 2025-01-02 11:59 – Updated: 2025-01-06 20:31
VLAI?
Title
WordPress Schema App Structured Data plugin <= 1.23.1 - Broken Access Control + CSRF vulnerability
Summary
Missing Authorization vulnerability in Schema App Schema App Structured Data allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schema App Structured Data: from n/a through 1.23.1.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schema App | Schema App Structured Data |
Affected:
n/a , ≤ 1.23.1
(custom)
|
Credits
Rio Darmawan (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44258",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T20:31:30.270879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T20:31:47.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "schema-app-structured-data-for-schemaorg",
"product": "Schema App Structured Data",
"vendor": "Schema App",
"versions": [
{
"changes": [
{
"at": "1.23.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.23.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rio Darmawan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Authorization vulnerability in Schema App Schema App Structured Data allows Exploiting Incorrectly Configured Access Control Security Levels.\u003c/p\u003e\u003cp\u003eThis issue affects Schema App Structured Data: from n/a through 1.23.1.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Schema App Schema App Structured Data allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schema App Structured Data: from n/a through 1.23.1."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T11:59:46.069Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/schema-app-structured-data-for-schemaorg/vulnerability/wordpress-schema-app-structured-data-plugin-1-22-3-csrf-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No patched version is available. No reply from the vendor."
}
],
"value": "No patched version is available. No reply from the vendor."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Schema App Structured Data plugin \u003c= 1.23.1 - Broken Access Control + CSRF vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-44258",
"datePublished": "2025-01-02T11:59:46.069Z",
"dateReserved": "2023-09-27T12:39:26.099Z",
"dateUpdated": "2025-01-06T20:31:47.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0893 (GCVE-0-2024-0893)
Vulnerability from nvd – Published: 2024-05-24 06:42 – Updated: 2024-08-01 18:18
VLAI?
Title
Schema App Structured Data <= 1.23.1 - Missing Authorization
Summary
The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update or delete post metadata.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vberkel | Schema App Structured Data |
Affected:
* , ≤ 2.1.0
(semver)
|
Credits
Francesco Carlucci
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hunch_manifest:schema_app_structured_data:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "schema_app_structured_data",
"vendor": "hunch_manifest",
"versions": [
{
"lessThanOrEqual": "1.23.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0893",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T18:33:47.806127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:58:20.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1089ab17-b780-4840-8dcd-c50258513634?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/schema-app-structured-data-for-schemaorg/trunk/lib/SchemaEditor.php#L327"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Schema App Structured Data",
"vendor": "vberkel",
"versions": [
{
"lessThanOrEqual": "2.1.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update or delete post metadata."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-24T06:42:15.486Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1089ab17-b780-4840-8dcd-c50258513634?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/schema-app-structured-data-for-schemaorg/trunk/lib/SchemaEditor.php#L327"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-23T18:14:16.000+00:00",
"value": "Disclosed"
}
],
"title": "Schema App Structured Data \u003c= 1.23.1 - Missing Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0893",
"datePublished": "2024-05-24T06:42:15.486Z",
"dateReserved": "2024-01-25T14:27:07.981Z",
"dateUpdated": "2024-08-01T18:18:18.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2023-44258
Vulnerability from fkie_nvd - Published: 2025-01-02 12:15 - Updated: 2026-01-23 20:13
Severity ?
Summary
Missing Authorization vulnerability in Schema App Schema App Structured Data allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schema App Structured Data: from n/a through 1.23.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schemaapp | schema_app_structured_data | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schemaapp:schema_app_structured_data:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "7FE89DBB-B5A4-405A-A498-79B97C71883C",
"versionEndExcluding": "1.23.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Schema App Schema App Structured Data allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schema App Structured Data: from n/a through 1.23.1."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Schema App Schema App Structured Data permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Schema App Structured Data: desde n/a hasta 1.23.1."
}
],
"id": "CVE-2023-44258",
"lastModified": "2026-01-23T20:13:12.803",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "audit@patchstack.com",
"type": "Secondary"
}
]
},
"published": "2025-01-02T12:15:07.020",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/wordpress/plugin/schema-app-structured-data-for-schemaorg/vulnerability/wordpress-schema-app-structured-data-plugin-1-22-3-csrf-broken-access-control-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "audit@patchstack.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-0893
Vulnerability from fkie_nvd - Published: 2024-05-24 07:15 - Updated: 2025-04-04 18:20
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update or delete post metadata.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schemaapp | schema_app_structured_data | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schemaapp:schema_app_structured_data:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "D76EC18E-4F87-45E4-94EE-811217DF1A5D",
"versionEndExcluding": "2.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update or delete post metadata."
},
{
"lang": "es",
"value": "El complemento Schema App Structured Data para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n MarkupUpdate en todas las versiones hasta la 2.1.0 incluida. Esto hace posible que atacantes autenticados, con acceso de suscriptor o superior, actualicen o eliminen metadatos de publicaciones."
}
],
"id": "CVE-2024-0893",
"lastModified": "2025-04-04T18:20:59.957",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-24T07:15:09.387",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/schema-app-structured-data-for-schemaorg/trunk/lib/SchemaEditor.php#L327"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1089ab17-b780-4840-8dcd-c50258513634?source=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/schema-app-structured-data-for-schemaorg/trunk/lib/SchemaEditor.php#L327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1089ab17-b780-4840-8dcd-c50258513634?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-44258 (GCVE-0-2023-44258)
Vulnerability from cvelistv5 – Published: 2025-01-02 11:59 – Updated: 2025-01-06 20:31
VLAI?
Title
WordPress Schema App Structured Data plugin <= 1.23.1 - Broken Access Control + CSRF vulnerability
Summary
Missing Authorization vulnerability in Schema App Schema App Structured Data allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schema App Structured Data: from n/a through 1.23.1.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schema App | Schema App Structured Data |
Affected:
n/a , ≤ 1.23.1
(custom)
|
Credits
Rio Darmawan (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44258",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T20:31:30.270879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T20:31:47.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "schema-app-structured-data-for-schemaorg",
"product": "Schema App Structured Data",
"vendor": "Schema App",
"versions": [
{
"changes": [
{
"at": "1.23.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.23.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rio Darmawan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Authorization vulnerability in Schema App Schema App Structured Data allows Exploiting Incorrectly Configured Access Control Security Levels.\u003c/p\u003e\u003cp\u003eThis issue affects Schema App Structured Data: from n/a through 1.23.1.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Schema App Schema App Structured Data allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schema App Structured Data: from n/a through 1.23.1."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T11:59:46.069Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/schema-app-structured-data-for-schemaorg/vulnerability/wordpress-schema-app-structured-data-plugin-1-22-3-csrf-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No patched version is available. No reply from the vendor."
}
],
"value": "No patched version is available. No reply from the vendor."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Schema App Structured Data plugin \u003c= 1.23.1 - Broken Access Control + CSRF vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-44258",
"datePublished": "2025-01-02T11:59:46.069Z",
"dateReserved": "2023-09-27T12:39:26.099Z",
"dateUpdated": "2025-01-06T20:31:47.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0893 (GCVE-0-2024-0893)
Vulnerability from cvelistv5 – Published: 2024-05-24 06:42 – Updated: 2024-08-01 18:18
VLAI?
Title
Schema App Structured Data <= 1.23.1 - Missing Authorization
Summary
The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update or delete post metadata.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vberkel | Schema App Structured Data |
Affected:
* , ≤ 2.1.0
(semver)
|
Credits
Francesco Carlucci
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hunch_manifest:schema_app_structured_data:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "schema_app_structured_data",
"vendor": "hunch_manifest",
"versions": [
{
"lessThanOrEqual": "1.23.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0893",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T18:33:47.806127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:58:20.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1089ab17-b780-4840-8dcd-c50258513634?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/schema-app-structured-data-for-schemaorg/trunk/lib/SchemaEditor.php#L327"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Schema App Structured Data",
"vendor": "vberkel",
"versions": [
{
"lessThanOrEqual": "2.1.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update or delete post metadata."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-24T06:42:15.486Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1089ab17-b780-4840-8dcd-c50258513634?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/schema-app-structured-data-for-schemaorg/trunk/lib/SchemaEditor.php#L327"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-23T18:14:16.000+00:00",
"value": "Disclosed"
}
],
"title": "Schema App Structured Data \u003c= 1.23.1 - Missing Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0893",
"datePublished": "2024-05-24T06:42:15.486Z",
"dateReserved": "2024-01-25T14:27:07.981Z",
"dateUpdated": "2024-08-01T18:18:18.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}