CVE-2026-9067

UNKNOWN 0.0

Schema & Structured Data for WP & AMP < 1.60 - Unauthenticated Arbitrary Media Upload

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any file type accepted by WordPress's media library through endpoints that should only accept images or videos.

Vendor	unknown
Product	schema & structured data for wp & amp
Published	Jun 10, 2026

Stay Ahead of the Next One

Get instant alerts for unknown schema & structured data for wp & amp

Be the first to know when new unknown vulnerabilities affecting unknown schema & structured data for wp & amp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Schema & Structured Data for WP & AMP

0 < 1.60

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/7fac98eb-f82c-4705-a956-aba650945826/

Credits

0xBassia WPScan