製品・ソフトウェアに関する情報

JVN脆弱性詳細

Schema App の WordPress 用 Schema App Structured Data における認証の欠如に関する脆弱性

Title	Schema App の WordPress 用 Schema App Structured Data における認証の欠如に関する脆弱性
Summary	Schema App の WordPress 用 Schema App Structured Data には、認証の欠如に関する脆弱性が存在します。
Possible impacts	情報を改ざんされる可能性があります。
Solution	参考情報を参照して適切な対策を実施してください。
Publication Date	May 24, 2024, midnight
Registration Date	April 10, 2025, 3:35 p.m.
Last Update	April 10, 2025, 3:35 p.m.

Affected System

Schema App

Schema App Structured Data 2.2.1 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-0893	https://www.cve.org/CVERecord?id=CVE-2024-0893
National Vulnerability Database (NVD)
2	CVE-2024-0893	https://nvd.nist.gov/vuln/detail/CVE-2024-0893

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-862	https://cwe.mitre.org/data/definitions/862.html

その他

No	Name	URL
関連文書
1	plugins.trac.wordpress.org (SchemaEditor.php#L327)	https://plugins.trac.wordpress.org/browser/schema-app-structured-data-for-schemaorg/trunk/lib/SchemaEditor.php#L327
2	www.wordfence.com (1089ab17-b780-4840-8dcd-c50258513634?source=cve)	https://www.wordfence.com/threat-intel/vulnerabilities/id/1089ab17-b780-4840-8dcd-c50258513634?source=cve

Change Log

No	Changed Details	Date of change
1	[2025年04月10日] 掲載	April 10, 2025, 12:21 p.m.

NVD Vulnerability Information

CVE-2024-0893

Summary	The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update or delete post metadata.
Summary	El complemento Schema App Structured Data para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función MarkupUpdate en todas las versiones hasta la 2.1.0 incluida. Esto hace posible que atacantes autenticados, con acceso de suscriptor o superior, actualicen o eliminen metadatos de publicaciones.
Publication Date	May 24, 2024, 4:15 p.m.
Registration Date	May 24, 2024, 8 p.m.
Last Update	April 9, 2026, 2:17 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:schemaapp:schema_app_structured_data::::::wordpress::*					2.2.1

Related information, measures and tools

No	URL	refsource
1	https://plugins.trac.wordpress.org/browser/schema-app-structured-data-for-schemaorg/trunk/lib/SchemaEditor.php#L327	security@wordfence.com
2	https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3108928%40schema-app-structured-data-for-schemaorg&new=3108928%40schema-app-structured-data-for-schemaorg&sfp_email=&sfph_mail=	security@wordfence.com
3	https://www.wordfence.com/threat-intel/vulnerabilities/id/1089ab17-b780-4840-8dcd-c50258513634?source=cve	security@wordfence.com
4	https://plugins.trac.wordpress.org/browser/schema-app-structured-data-for-schemaorg/trunk/lib/SchemaEditor.php#L327	af854a3a-2127-422b-91ae-364da2661108
5	https://www.wordfence.com/threat-intel/vulnerabilities/id/1089ab17-b780-4840-8dcd-c50258513634?source=cve	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List