Schema & Structured Data for WP & AMP WordPress Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Schema & Structured Data for WP & AMP WordPress plugin, affecting versions prior to 1.50. The issue arises because the plugin does not properly manage modifications to HTML tag attributes. This flaw enables unauthenticated attackers to inject malicious scripts through post comments, which are then executed when the comments are viewed.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the comments.

Reproduction

To reproduce this vulnerability, install and activate the 'Schema & Structured Data for WP & AMP' plugin version prior to 1.50. As an unauthenticated user, post a comment containing a link with a crafted 'itemprop' attribute that includes a JavaScript payload, such as an 'onfocus' event. Once the comment is approved, the injected script will execute when the comment is loaded on the page.

Remediation

Users are advised to update the Schema & Structured Data for WP & AMP WordPress plugin to version 1.50 or later.