Primary

Context

Schema and Structured Data for WordPress and AMP Missing Authorization Vulnerability in reCaptcha Key Modification

Vulnerability

Patched

A vulnerability exists in the Schema & Structured Data for WP & AMP plugin for WordPress, in all versions through 1.26. The issue arises from a lack of proper capability checks in the 'saswp_reviews_form_render' function, allowing authenticated attackers with contributor access or higher to unauthorizedly modify the plugin's reCaptcha site and secret keys. This could disrupt the functionality of reCaptcha on the site.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in reCaptcha settings, potentially causing reCaptcha to malfunction or be bypassed.

Remediation

Users can update to version 1.27 or a newer patched version to address this vulnerability.

Added: May 15, 2026, 9:46 AM

Updated: May 15, 2026, 9:46 AM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

0.6

exploitability

6.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

0.6

exploitability

6.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Schema and Structured Data for WordPress and AMP Missing Authorization Vulnerability in reCaptcha Key Modification

Vulnerability

Impact

Remediation

Affected Products

Schema & Structured Data for WP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating