WordPress Review Schema Plugin Local File Inclusion Vulnerability

Vulnerability

A local file inclusion vulnerability has been identified in the Review Schema plugin for WordPress, affecting all versions through 2.2.4. The vulnerability allows authenticated attackers with contributor-level or higher permissions to include and execute arbitrary files on the server via post meta. Successful exploitation could lead to the execution of any PHP code contained in the included files, which can be used to bypass access controls, access sensitive data, or execute code in scenarios where PHP files can be uploaded and included.

Impact

Exploitation of this vulnerability could result in unauthorized file inclusion, allowing attackers to execute arbitrary PHP code on the server. This could be used to bypass access controls, access sensitive information, or execute malicious code, especially in cases where uploaded PHP files can be included and executed.

Remediation

Users are advised to update the Review Schema plugin to version 2.2.5 or later.
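
A triage check for the remediation above, as an added example that is not part of the original advisory: it reads the `Version:` field from a plugin's main-file header and flags anything below 2.2.5. The sample header is constructed, and locating the plugin's main file on disk is left to the caller.

```python
import re

FIXED = (2, 2, 5)  # first patched release, per the advisory

# WordPress reads plugin metadata from a header comment near the top of the
# plugin's main PHP file; "Version:" is one of those header fields.
_VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.IGNORECASE | re.MULTILINE)

# Constructed sample header (not copied from the real plugin).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Review Schema
 * Version: 2.2.4
 */
"""


def parse_version(text):
    """Turn '2.2.4' into (2, 2, 4). Returns None for anything that is not a
    plain dotted number (e.g. '2.2.5-beta1'), so odd builds get reviewed by hand."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        return None
    parts = [int(p) for p in text.split(".")]
    # Pad short versions so '2.3' compares as (2, 3, 0).
    return tuple(parts + [0] * (3 - len(parts)))


def header_version(plugin_source):
    """Extract the raw Version field from the first 8 KiB of the file."""
    m = _VERSION_RE.search(plugin_source[:8192])
    return m.group(1) if m else None


def is_affected(plugin_source):
    """True if the version is below 2.2.5, False if patched,
    None if the version cannot be determined (needs manual review)."""
    raw = header_version(plugin_source)
    ver = parse_version(raw) if raw else None
    if ver is None:
        return None
    # Numeric tuple comparison, so 2.2.10 is correctly newer than 2.2.5.
    return ver < FIXED


if __name__ == "__main__":
    print("affected:", is_affected(SAMPLE_HEADER))
```

A `None` result should be treated as unresolved rather than safe.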

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 2.2
impact: 10.0
exploitability: 4.7
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.