关键信息 描述 漏洞类型: Unauthenticated Stored-XSS 影响版本: Schema & Structured Data for WP & AMP < 1.50 影响插件 插件名称: schema-and-structured-data-for-wp 修复版本: 1.50 参考 CVE编号: CVE-2025-9512 分类 类型: XSS OWASP Top 10: A7: Cross-Site Scripting (XSS) CWE编号: CWE-79 CVSS评分: 8.8 (高) 其他信息 原始研究员: Matthew Rollings 提交者: Matthew Rollings 提交网站: https://sec.stealthcopter.com 提交者Twitter: stealthcopter 验证状态: Yes WPVDB ID: e45d9335-3665-4155-abcf-9eeea250f1ba 时间线 公开发布日期: 2025-09-10 添加日期: 2025-09-10 最后更新日期: 2025-09-10 其他相关漏洞 Slideshow Gallery <= 1.8.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Autolinks <= 1.0.1 - Stored Cross-Site Scripting via CSRF Themify Event Post <= 1.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Wordfence 3.8.1 - wp-admin/admin.php whois Parameter Stored XSS Upfrontwp <= 1.1 - Reflected XSS