Review Schema
Monthly
The RadiusTheme Review Schema WordPress plugin versions up to and including 2.2.6 contains an information disclosure vulnerability (CWE-497) that allows unauthorized attackers to retrieve embedded sensitive data through the plugin's schema implementation. An attacker can exploit this vulnerability to access system information that should not be exposed, potentially leveraging the data for reconnaissance or further attacks. No CVSS score, EPSS data, or confirmed KEV/POC status is currently available, but the vulnerability has been documented by Patchstack and assigned EUVD-2026-15657.
The WordPress Review & Structure Data Schema Plugin - Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit(). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
The RadiusTheme Review Schema WordPress plugin versions up to and including 2.2.6 contains an information disclosure vulnerability (CWE-497) that allows unauthorized attackers to retrieve embedded sensitive data through the plugin's schema implementation. An attacker can exploit this vulnerability to access system information that should not be exposed, potentially leveraging the data for reconnaissance or further attacks. No CVSS score, EPSS data, or confirmed KEV/POC status is currently available, but the vulnerability has been documented by Patchstack and assigned EUVD-2026-15657.
The WordPress Review & Structure Data Schema Plugin - Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit(). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.