PT-2025-20364 · WordPress · Wp Seo Structured Data Schema

Jörg Steinsträter · Published 2025-05-08 · Updated 2025-06-05 · CVE-2025-4127

CVSS v3.1: 6.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WP SEO Structured Data Schema plugin for WordPress versions up to and including 2.7.11

Description

The plugin is vulnerable to Stored Cross-Site Scripting (XSS) via the Price Range parameter because of insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts that execute when an administrator accesses the plugin settings page.

Recommendations

Update the WP SEO Structured Data Schema plugin for WordPress to a version higher than 2.7.11 to resolve the issue. As a temporary workaround, consider restricting access to the plugin settings page to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-4127

Affected Products

Wp Seo Structured Data Schema