cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score CVE-2024-11279,https://securityvulnerability.io/vulnerability/CVE-2024-11279,Cross-Site Scripting Vulnerability in Schema App Structured Data plugin for WordPress,"The Schema App Structured Data plugin for WordPress contains a vulnerability that allows attackers to exploit reflected cross-site scripting (XSS). The issue arises from the inadequate escaping of URLs through the use of the add_query_arg function in versions up to and including 2.2.4. This vulnerability can be leveraged by unauthenticated attackers, who may successfully trick a user into clicking a malicious link, leading to the injection of arbitrary web scripts. As a result, an attacker can compromise the integrity of a user’s session or hijack sensitive information, posing serious risks to web security.",Wordpress,Schema App Structured Data,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-12-12T03:23:06.246Z,0 CVE-2024-0892,https://securityvulnerability.io/vulnerability/CVE-2024-0892,Cross-Site Request Forgery Vulnerability in Schema App Structured Data Plugin for WordPress,"The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update and delete post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,Schema App Structured Data,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-14T03:35:40.793Z,0 CVE-2024-0893,https://securityvulnerability.io/vulnerability/CVE-2024-0893,Unauthorized Modification of Data Vulnerability in Schema App Structured Data Plugin for WordPress,"The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update or delete post metadata.",Wordpress,Schema App Structured Data,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-24T06:42:15.486Z,0