CVE-2026-9067 – Schema & Structured Data for WP & AMP < 1.60 – Unauthenticated Arbitrary Media Upload

CVE ID :CVE-2026-9067

Published : June 10, 2026, 7:16 a.m. | 1 hour, 22 minutes ago

Description :The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint’s intended media type, allowing unauthenticated users to upload any file type accepted by WordPress’s media library through endpoints that should only accept images or videos.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9019 – Easy Image Collage

CVE-2026-8853 – MW WP Form

CVE-2026-8613 – aThemes Addons for Elementor

CVE-2026-10721 – Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and Search components