Schema & Structured Data for WP & AMP Vulnerability – Missing Authorization to reCaptcha Key Modification & Authenticated (Custom) Stored Cross-Site Scripting – CVE-2024-1288 & CVE-2024-1586 | WordPress Plugin Vulnerability Report

Plugin Name: Schema & Structured Data for WP & AMP

Key Information:

  • Software Type: Plugin
  • Software Slug: schema-and-structured-data-for-wp
  • Software Status: Active
  • Software Author: magazine3
  • Software Downloads: 4,923,980
  • Active Installs: 100,000
  • Last Updated: February 19, 2024
  • Patched Versions: 1.27
  • Affected Versions: <= 1.26

Vulnerability 1 Details:

  • Name: Schema & Structured Data for WP & AMP <= 1.26 - Missing Authorization to reCaptcha Key Modification
  • Title: Missing Authorization to reCaptcha Key Modification
  • Type: Improper Access Control
  • CVE: CVE-2024-1288
  • CVSS Score: 4.3 (Medium)
  • Publicly Published: February 19, 2024
  • Researcher: Ngô Thiên An
  • Description: The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswp_reviews_form_render' function in all versions up to, and including, 1.26. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's stored reCaptcha site and secret keys, potentially breaking the reCaptcha functionality.
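
The missing capability check described above is a common bug class in WordPress plugins. The sketch below is an added illustration, not the plugin's code: the handler, option and nonce names are hypothetical, and the setting is assumed to be saved through an admin-ajax action.

```php
<?php
// Added illustration of the bug class; not code from the plugin.
// Handler, option and nonce names are hypothetical.

// BEFORE: hooked on wp_ajax_*, so every logged-in role (subscriber,
// contributor, ...) can reach it, and nothing checks who is calling.
function example_save_recaptcha_keys_unchecked() {
	update_option( 'example_recaptcha_site_key', sanitize_text_field( wp_unslash( $_POST['site_key'] ?? '' ) ) );
	update_option( 'example_recaptcha_secret_key', sanitize_text_field( wp_unslash( $_POST['secret_key'] ?? '' ) ) );
	wp_send_json_success();
}

// AFTER: the same handler with a nonce check and a capability check
// placed before any state is changed.
function example_save_recaptcha_keys() {
	// Ends the request with a 403 unless a valid nonce is present,
	// which rejects forged cross-site requests.
	check_ajax_referer( 'example_save_recaptcha_keys', 'nonce' );

	// Being logged in is not authorization: require a settings-level capability.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
	}

	$site_key   = sanitize_text_field( wp_unslash( $_POST['site_key'] ?? '' ) );
	$secret_key = sanitize_text_field( wp_unslash( $_POST['secret_key'] ?? '' ) );

	// Refuse empty values so a bad request cannot blank out working keys.
	if ( '' === $site_key || '' === $secret_key ) {
		wp_send_json_error( array( 'message' => 'Both keys are required.' ), 400 );
	}

	update_option( 'example_recaptcha_site_key', $site_key );
	update_option( 'example_recaptcha_secret_key', $secret_key );
	wp_send_json_success();
}
add_action( 'wp_ajax_example_save_recaptcha_keys', 'example_save_recaptcha_keys' );
```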

Vulnerability 2 Details:

  • Name: Schema & Structured Data for WP & AMP <= 1.26 - Authenticated (Custom) Stored Cross-Site Scripting
  • Title: Authenticated (Custom) Stored Cross-Site Scripting
  • Type: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
  • CVE: CVE-2024-1586
  • CVSS Score: 6.4 (Medium)
  • Publicly Published: February 19, 2024
  • Researcher: Sh
  • Description: The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default the required authentication level is admin, but administrators have the ability to assign role based access to users as low as subscriber.
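
"Insufficient input sanitization and output escaping" for a custom schema field can be closed on both sides, as in this added example. It is not the plugin's code: it assumes the custom schema is JSON-LD kept in post meta under the hypothetical key `example_custom_schema` and printed inside a script element, and all function names are made up for the illustration.

```php
<?php
// Added illustration; not code from the plugin. Assumes custom schema is
// JSON-LD stored in post meta under the hypothetical key 'example_custom_schema'.

// Flags that encode < > & ' " inside JSON strings as \u00XX, so the
// serialized text can never contain "</script>" or "<!--".
const EXAMPLE_JSON_FLAGS = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

// Input side: accept only well-formed JSON and keep a re-encoded copy,
// never the raw text the user typed.
function example_sanitize_custom_schema( $raw ) {
	if ( ! is_string( $raw ) ) {
		return '';
	}
	$decoded = json_decode( wp_unslash( $raw ), true );
	if ( ! is_array( $decoded ) ) {
		return ''; // Not a JSON object or array: store nothing.
	}
	return wp_json_encode( $decoded, EXAMPLE_JSON_FLAGS );
}

// When saving, pass the result through wp_slash() because update_post_meta()
// unslashes its input and would otherwise strip the \u00XX escapes:
// update_post_meta( $post_id, 'example_custom_schema', wp_slash( $json ) );

// Output side: decode and re-encode again, so a value written to the
// database by an older version or another code path is still neutralized.
function example_print_custom_schema( $post_id ) {
	$stored  = get_post_meta( $post_id, 'example_custom_schema', true );
	$decoded = json_decode( (string) $stored, true );
	if ( ! is_array( $decoded ) ) {
		return;
	}
	echo '<script type="application/ld+json">'
		. wp_json_encode( $decoded, EXAMPLE_JSON_FLAGS )
		. "</script>\n";
}

add_action( 'wp_head', function () {
	if ( is_singular() ) {
		example_print_custom_schema( get_queried_object_id() );
	}
} );
```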

Summary:

The Schema & Structured Data for WP & AMP plugin for WordPress has two vulnerabilities in versions up to and including 1.26 that could allow unauthorized modification of reCaptcha keys and stored cross-site scripting. These vulnerabilities have been patched in version 1.27.

Detailed Overview:

Versions 1.26 and earlier of the Schema & Structured Data for WP & AMP plugin contain an improper access control vulnerability that could let authenticated users with contributor access or higher modify the stored reCaptcha site key and secret. This was reported by researcher Ngô Thiên An and assigned CVE-2024-1288 with a CVSSv3 score of 4.3 (Medium severity). If exploited, this could break the reCaptcha functionality.

Additionally, all versions up to and including 1.26 contain an authenticated stored cross-site scripting vulnerability that could let authenticated users inject arbitrary scripts into pages, which would then execute when other users view those pages. This was reported by researcher Sh and assigned CVE-2024-1586 with a CVSSv3 score of 6.4 (Medium severity). Though admin access is required by default, custom user roles can be granted access.

Advice for Users:

  1. Immediate Action: Users should update to version 1.27 as soon as possible.
  2. Check for Signs of Vulnerability: Review web server access logs for any unexpected requests indicating exploitation attempts. Also check user roles and capabilities to ensure proper restrictions.
  3. Alternate Plugins: Consider using All In One Schema, WP Schema Pro, or Schema plugin as alternatives that provide similar structured data functionality.
  4. Stay Updated: Enable automatic background updates in WordPress to receive security patches more quickly. Monitor the Wordfence plugin vulnerabilities feed for new issues.

Conclusion:

The quick response by the Schema & Structured Data developers in issuing patches for these medium severity vulnerabilities shows their commitment to user security. Users should make sure version 1.27 or later is installed to fully mitigate these issues.

References:

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/schema-and-structured-data-for-wp

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/schema-and-structured-data-for-wp/schema-structured-data-for-wp-amp-126-missing-authorization-to-recaptcha-key-modification

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/schema-and-structured-data-for-wp/schema-structured-data-for-wp-amp-126-authenticated-custom-stored-cross-site-scripting

Detailed Report:

Keeping your WordPress website and its plugins up-to-date is critical for security. Unfortunately, many site owners don't realize the risks of outdated software until their site gets hacked. Recent vulnerabilities discovered in the popular Schema & Structured Data plugin for WordPress underscore this concern. Versions 1.26 and earlier of the plugin contain flaws that could let attackers modify reCaptcha keys or inject malicious code.

While patches have been released, sites still running version 1.26 or earlier remain vulnerable. If you use this plugin, now is the time to update. Even if you don’t use this particular plugin, you may host other vulnerable plugins or themes. I’m here to help make sure your site’s software stays on top of the latest security fixes. Just contact me to audit your site’s code or walk through update best practices. Together, we can reinforce your website against compromise.

The Schema & Structured Data plugin, with over 4.9 million downloads and 100,000 active installs, allows WordPress site owners to add structured data markup to improve SEO and accessibility. However, researchers recently discovered two security vulnerabilities impacting versions 1.26 and below of the popular plugin.

The first vulnerability, tracked as CVE-2024-1288, is an improper access control issue that could allow authenticated users with the contributor role or higher to modify the stored reCaptcha site key and secret used by the plugin. This could effectively break the reCaptcha functionality relied on for spam and abuse prevention.

The second vulnerability, CVE-2024-1586, is a stored cross-site scripting flaw that could allow authenticated users to inject malicious JavaScript code into pages that would execute for admin users or other visitors to the site. By default, only admins can access the relevant functionality but custom user roles may also be permitted.

Both of these medium severity security issues could undermine the security of WordPress sites. A site compromised through these vulnerabilities could have its content modified or be used to distribute malware. Fortunately, the plugin developers have addressed the problems in version 1.27.

As a site owner, you should immediately update to the latest secure plugin release. Check that automatic background updates for WordPress and plugins are enabled to more easily stay on top of future security fixes. If you need any help updating or auditing your site, I'm available to assist busy business owners like you in improving website security.

The risks highlighted by vulnerabilities in the Schema & Structured Data plugin illustrate why staying vigilant about software updates is so important. Don’t wait for your site to get hacked before taking action. Together, we can make sure your website avoids compromise through proactive security maintenance. My goal is keeping your site safe, so you can focus on your business.

Staying on top of WordPress security can feel overwhelming for small business owners without dedicated IT staff. At Your WP Guy, we exist to shoulder that burden for you. Our WordPress experts can fully audit, secure, maintain and support your site - so you can focus on growing your business with peace of mind.

Don't tackle security risks alone. Let us help you assess any impact from this vulnerability, update your plugins, and implement ongoing maintenance to avoid future threats. We treat your website like it's our own - because we know how critical it is for reaching your customers.

Get in touch for a free consultation today on making WordPress security stress-free. Call 678-995-5169 or book a call here. Our knowledgeable team is ready to help you safeguard your online presence.
