Description
The Review Schema plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.4 via post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and then included.
Published: 2025-03-11
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Local File Inclusion leading to potential code execution for authenticated contributors and above
Action: Patch Now
AI Analysis

Impact

The vulnerability in the Review Schema WordPress plugin allows authenticated users with contributor-level or higher permissions to trigger a local file inclusion by controlling a post meta value that the plugin turns into an include path. Because PHP's include executes whatever it loads, an attacker who can point that path at a PHP-parsable file they can write (for example an upload that PHP will parse) gains code execution on the server; pointing it at files such as wp-config.php or logs can instead expose configuration and secrets or bypass access controls. This flaw is a classic instance of CWE-98 (Improper Control of Filename for Include/Require Statement in PHP Program), in which a user-controlled value reaches an include or require statement without being constrained to a fixed set of known files.
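The pattern described above, shown as an added illustration rather than as code from the Review Schema plugin (the plugin's vulnerable code is not reproduced on this page): a hypothetical template loader that builds an include path from a post-meta value, beside a hardened version that maps the value onto an allowlist and verifies the resolved path with realpath(). The meta key _rs_template, the function names and the temporary directory layout are assumptions made so the script runs stand-alone with the PHP CLI, outside WordPress.

```php
<?php
// Added illustration of the CWE-98 pattern behind this advisory. This is not
// the Review Schema plugin's code: the meta key, function names and directory
// layout are assumptions chosen so the script runs stand-alone (php lfi-demo.php).
declare(strict_types=1);

// Throwaway plugin-like layout: two legitimate templates plus a sentinel file
// standing in for wp-config.php, which user input must never be able to reach.
$root = sys_get_temp_dir() . '/lfi-demo-' . getmypid();
mkdir("$root/templates", 0700, true);
file_put_contents("$root/templates/default.php", "<?php echo 'default template';");
file_put_contents("$root/templates/compact.php", "<?php echo 'compact template';");
file_put_contents("$root/wp-config.php", "<?php echo 'DB_PASSWORD=secret (sentinel)';");

// Constructed post-meta rows. A contributor controls the meta on their own
// drafts, so every meta_value here is attacker-controlled input.
$post_meta = [
    101 => ['_rs_template' => 'compact'],        // benign
    102 => ['_rs_template' => '../wp-config'],   // traversal out of templates/
    103 => ['_rs_template' => 'does-not-exist'], // unknown value
];

// Vulnerable pattern: the meta value is spliced straight into the include path.
// Any PHP-parsable file the web server can read (wp-config.php, an uploaded
// "image" that is really PHP, a log file with injected <?php) runs as code.
function render_vulnerable(string $root, array $meta): string
{
    ob_start();
    @include $root . '/templates/' . $meta['_rs_template'] . '.php'; // @ only hides the demo warning for post 103
    return (string) ob_get_clean();
}

// Hardened pattern: user input selects an allowlist key, never a path.
// The realpath() containment check is defence in depth in case the allowlist
// is ever loosened to accept names that are not fixed literals.
function render_hardened(string $root, array $meta): string
{
    $allowed = ['default' => 'default.php', 'compact' => 'compact.php'];
    $key = $meta['_rs_template'] ?? 'default';
    if (!isset($allowed[$key])) {
        $key = 'default'; // unknown or traversal-looking values fall back and never touch the filesystem
    }
    $base = realpath("$root/templates");
    $file = realpath($base . '/' . $allowed[$key]);
    if ($file === false || strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('template resolved outside the templates directory');
    }
    ob_start();
    include $file;
    return (string) ob_get_clean();
}

foreach ($post_meta as $post_id => $meta) {
    printf("post %d  vulnerable: %s\n", $post_id, render_vulnerable($root, $meta));
    printf("post %d  hardened:   %s\n", $post_id, render_hardened($root, $meta));
}

// Remove the throwaway layout.
foreach (["$root/templates/default.php", "$root/templates/compact.php", "$root/wp-config.php"] as $f) {
    unlink($f);
}
rmdir("$root/templates");
rmdir($root);
```

Run it with php lfi-demo.php: for post 102, render_vulnerable() prints the sentinel config file's contents because "../wp-config" escaped the templates directory, while render_hardened() prints the default template because the value was never used as a path. In a real plugin the same allowlisting belongs on the write side as well: validate the meta value in the save handler and gate it with current_user_can(), so a contributor cannot store a path-like value in the first place.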

Affected Systems

The affected product is the Review Schema – Review & Structure Data Schema plugin for WordPress. All versions up to and including 2.2.4 are vulnerable. Sites running any of these versions should upgrade to a release later than 2.2.4; the advisory scopes the flaw to 2.2.4 and earlier, so a later release is the intended fix.

Risk and Exploitability

The CVSS 3.1 score of 8.8 (vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) classifies this flaw as high severity: it is reachable over the network, needs no user interaction and only low privileges, and yields high confidentiality, integrity and availability impact. The EPSS score is below 1% (0.16% at the last recorded update), indicating a low but nonzero probability of exploitation in the wild, and the SSVC assessment records no known exploitation and a technical impact of "total". The vulnerability is not listed in CISA's KEV catalog. Because the flaw requires a contributor-level or higher account, an attacker must first obtain one, through open registration, credential stuffing or a compromised author. Once authenticated, the attacker stores an attacker-chosen path in post meta and causes the server to include, and therefore execute, any PHP-parsable file at that path; if they can also place a file containing PHP on the server, this becomes remote code execution. Contributor accounts are routinely granted on multi-author sites, so the risk to affected installations is significant while the flaw remains unpatched.

Generated by OpenCVE AI on April 21, 2026 at 22:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Review Schema plugin to a release later than 2.2.4 as soon as one is available; the advisory scopes the flaw to 2.2.4 and earlier.
  • If an immediate upgrade is not possible, shrink the pool of accounts that can reach the vulnerable code path: audit contributor-and-above users, disable open registration, and review existing post meta for path-like values (directory traversal sequences, .php suffixes) saved by low-privilege authors.
  • Configure the web server so that PHP is not executed from wp-content/uploads and similar writable directories, apply restrictive file permissions there, and remove any stray PHP files that user input could reach; this limits an inclusion to read-only disclosure rather than code execution.


Advisories
Source: EUVD
ID: EUVD-2025-7411
Title: The Review Schema plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.4 via post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
History

Fri, 11 Jul 2025 13:45:00 +0000
  Type: Metrics (epss)
  Values Removed: {'score': 0.00129}
  Values Added: {'score': 0.00161}

Wed, 12 Mar 2025 14:15:00 +0000
  Type: Metrics (ssvc)
  Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 11 Mar 2025 21:30:00 +0000 (initial publication; all values added)
  Description: The Review Schema plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.4 via post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
  Title: Review Schema <= 2.2.4 - Authenticated (Contributor+) Local File Inclusion via Post Meta
  Weaknesses: CWE-98
  References:
  Metrics (cvssV3_1): {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:11:14.337Z

Reserved: 2025-02-26T05:45:57.368Z

Link: CVE-2025-1707

Vulnrichment

Updated: 2025-03-12T14:06:27.240Z

NVD

Status : Deferred

Published: 2025-03-11T22:15:12.583

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-1707

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T22:15:45Z

Weaknesses