{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14069", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-04T21:10:55.397Z", "datePublished": "2026-01-23T05:29:51.045Z", "dateUpdated": "2026-04-08T16:57:44.106Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:57:44.106Z"}, "affected": [{"vendor": "magazine3", "product": "Schema & Structured Data for WP & AMP", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.54", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saswp_custom_schema_field' profile field in all versions up to, and including, 1.54 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Schema & Structured Data for WP & AMP <= 1.54 - Authenticated (Contributor+) Stored Cross-Site Scripting via User Custom Schema", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/651a7036-d421-41b7-91db-102e60d8274e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/schema-and-structured-data-for-wp/tags/1.53/admin_section/common-function.php#L1874"}, {"url": "https://plugins.trac.wordpress.org/browser/schema-and-structured-data-for-wp/tags/1.53/admin_section/structure-admin.php#L2605"}, {"url": "https://plugins.trac.wordpress.org/browser/schema-and-structured-data-for-wp/tags/1.53/output/function.php#L171"}, {"url": "https://plugins.trac.wordpress.org/changeset/3441582/schema-and-structured-data-for-wp/trunk?contextall=1&old=3429983&old_path=%2Fschema-and-structured-data-for-wp%2Ftrunk#file0"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "M Indra Purnama"}], "timeline": [{"time": "2026-01-22T17:19:06.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-23T16:05:25.317337Z", "id": "CVE-2025-14069", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T16:14:08.498Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14069", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-23T16:05:25.317337Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T16:10:22.816Z"}}], "cna": {"title": "Schema & Structured Data for WP & AMP <= 1.54 - Authenticated (Contributor+) Stored Cross-Site Scripting via User Custom Schema", "credits": [{"lang": "en", "type": "finder", "value": "M Indra Purnama"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "magazine3", "product": "Schema & Structured Data for WP & AMP", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.54"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-01-22T17:19:06.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/651a7036-d421-41b7-91db-102e60d8274e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/schema-and-structured-data-for-wp/tags/1.53/admin_section/common-function.php#L1874"}, {"url": "https://plugins.trac.wordpress.org/browser/schema-and-structured-data-for-wp/tags/1.53/admin_section/structure-admin.php#L2605"}, {"url": "https://plugins.trac.wordpress.org/browser/schema-and-structured-data-for-wp/tags/1.53/output/function.php#L171"}, {"url": "https://plugins.trac.wordpress.org/changeset/3441582/schema-and-structured-data-for-wp/trunk?contextall=1&old=3429983&old_path=%2Fschema-and-structured-data-for-wp%2Ftrunk#file0"}], "descriptions": [{"lang": "en", "value": "The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saswp_custom_schema_field' profile field in all versions up to, and including, 1.54 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:57:44.106Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14069", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:57:44.106Z", "dateReserved": "2025-12-04T21:10:55.397Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-01-23T05:29:51.045Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saswp_custom_schema_field' profile field in all versions up to, and including, 1.54 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El plugin Schema &amp; Structured Data para WP &amp; AMP para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del campo de perfil 'saswp_custom_schema_field' en todas las versiones hasta la 1.54, inclusive, debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto permite a atacantes autenticados, con acceso de nivel Colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."}], "id": "CVE-2025-14069", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-01-23T06:15:48.953", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/schema-and-structured-data-for-wp/tags/1.53/admin_section/common-function.php#L1874"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/schema-and-structured-data-for-wp/tags/1.53/admin_section/structure-admin.php#L2605"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/schema-and-structured-data-for-wp/tags/1.53/output/function.php#L171"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3441582/schema-and-structured-data-for-wp/trunk?contextall=1&old=3429983&old_path=%2Fschema-and-structured-data-for-wp%2Ftrunk#file0"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/651a7036-d421-41b7-91db-102e60d8274e?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T16:14:04.429954+00:00", "value": {"mitigation_remediation": ["Upgrade the Schema & Structured Data for WP & AMP plugin to a version that removes the vulnerable \"saswp_custom_schema_field\" handling (version 1.55 or later if available).", "If an upgrade is not immediately possible, locate and delete any custom schema entries that may contain malicious input, and manually sanitize remaining data.", "Restrict Contributor role capabilities to prevent editing or creating custom schema fields until the patch is applied, or remove the Contributor role from untrusted users."], "summary": {"action": "Immediate Patch", "impact": "Stored Cross-Site Scripting via authenticated Contributor+ access"}, "threat_synthesis": {"affected_systems": "The affected system is the Schema & Structured Data for WP & AMP plugin developed by magazine3, used in WordPress installations. All releases up to and including version 1.54 contain the flaw; any site still running 1.54 or earlier is at risk.", "description_and_impact": "The Schema & Structured Data for WP & AMP plugin allows a stored cross\u2011site scripting flaw, identified as CWE\u201179, through the \"saswp_custom_schema_field\" profile field. The vulnerability arises from insufficient input sanitization and output escaping, permitting attackers who can add or edit this custom schema field to embed arbitrary scripts into a WordPress page. Once stored, these scripts execute automatically whenever any site visitor loads the affected page, potentially hijacking user sessions or delivering malware.", "risk_and_exploitability": "The CVSS score of 6.4 reflects a moderate severity, while the EPSS score of less than 1% indicates a low likelihood of exploitation. The vulnerability is not currently listed in CISA\u2019s KEV catalog. Attacking requires authenticated Contributor-level or higher access to the WordPress admin interface; the attacker can inject the malicious payload, which then affects all site visitors who view the compromised page. The exploit path is simple for an attacker with the required role, but the overall risk is constrained by the low EPSS and the need for authorisation."}}}}, "created": "2026-01-23T10:26:40.618442+00:00", "updated": "2026-04-21T16:15:40.508313+00:00", "vendors": ["magazine3", "magazine3$PRODUCT$schema_&_structured_data_for_wp_&_amp", "wordpress", "wordpress$PRODUCT$wordpress"]}