PT-2025-40477 · WordPress · Schema Plugin For Divi
Ch4R0N · Published 2025-10-03 · Updated 2025-10-03 · CVE-2025-7825
CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Schema Plugin For Divi, Gutenberg & Shortcodes versions prior to 4.3.2
Description
The Schema Plugin For Divi, Gutenberg & Shortcodes for WordPress is susceptible to Object Instantiation up to version 4.3.2 through deserialization of untrusted input via the wpt schema breadcrumbs shortcode. This allows authenticated attackers with Contributor-level access or higher to inject a PHP Object. The impact of this issue is limited unless another plugin or theme containing a PHP Object Payload (POP) chain is installed, which could allow actions like deleting files, retrieving sensitive data, or executing code.
Recommendations
Update the Schema Plugin For Divi, Gutenberg & Shortcodes to a version later than 4.3.2.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Schema Plugin For Divi