Wp Schema Pro
by WordPress
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-36682 | Hig | 0.46 | 7.1 | 0.00 | Nov 30, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery.This issue affects Schema Pro: from n/a through 2.7.7. | ||
| CVE-2023-36683 | Med | 0.42 | 6.5 | 0.01 | Jun 19, 2024 | Missing Authorization vulnerability in WP SCHEMA PRO Schema Pro.This issue affects Schema Pro: from n/a through 2.7.8. | ||
| CVE-2024-1564 | Med | 0.28 | 4.3 | 0.00 | Mar 25, 2024 | The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode |
- risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery.This issue affects Schema Pro: from n/a through 2.7.7.
- risk 0.42cvss 6.5epss 0.01
Missing Authorization vulnerability in WP SCHEMA PRO Schema Pro.This issue affects Schema Pro: from n/a through 2.7.8.
- risk 0.28cvss 4.3epss 0.00
The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode