[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-9067":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-10T17:21:59.993Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":68,"aliases":78,"duplicate_of":9,"upstream":79,"downstream":80,"duplicates":81,"related":82,"reserved_at":9,"published_at":83,"modified_at":84,"state":85,"summary":86,"references_raw":94,"kevs":102,"epss":103,"epss_history":106,"metrics":108,"affected":116},"CVE-2026-9067","The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any file type accepted by WordPress's media library through endpoints that should only accept images or videos.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-434","Unrestricted Upload of File with Dangerous Type","The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.","weakness","Draft","Base","Medium",[20],{"id":21,"name":22,"techniques":23},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[24],{"id":25,"name":26,"tactics":27,"countermeasures":43},"T1574.010","Services File Permissions Weakness",[28,31,34,37,40],{"id":29,"name":30},"TA0110","Persistence",{"id":32,"name":33},"TA0111","Privilege Escalation",{"id":35,"name":36},"TA0030","Defense Evasion",{"id":38,"name":39},"TA0005","Stealth",{"id":41,"name":42},"TA0104","Execution",[44,49,53,58,63],{"id":45,"name":46,"tactic":47},"D3-SWI","Software Inventory",{"name":48},"Model",{"id":50,"name":51,"tactic":52},"D3-AVE","Asset Vulnerability Enumeration",{"name":48},{"id":54,"name":55,"tactic":56},"D3-SBV","Service Binary Verification",{"name":57},"Detect",{"id":59,"name":60,"tactic":61},"D3-SU","Software Update",{"name":62},"Harden",{"id":64,"name":65,"tactic":66},"D3-RS","Restore Software",{"name":67},"Restore",[69],{"_key":70,"name":71,"source":72,"url":73,"maturity":74,"reliability_score":75,"verified":76,"type":9,"platforms":77,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_12F96842503EAB9D","Exploit Reference (wpscan.com)","reference","https://wpscan.com/vulnerability/7fac98eb-f82c-4705-a956-aba650945826/","unknown",0.2,false,[],[],[],[],[],[],"2026-06-10T06:00:12.194Z","2026-06-10T10:44:28.578Z","Received",{"cisa_kev":76,"cisa_ransomware":76,"cisa_vendor":9,"epss_severity":87,"epss_score":88,"severity":89,"severity_score":90,"severity_version":91,"severity_source":92,"severity_vector":93,"severity_status":85},"low",0.00056,"critical",9.1,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",[95],{"url":73,"sources":96,"tags":98},[92,97],"nvd",[99,100,101],"Exploit","VDB Entry","Technical Description",[],{"date":104,"score":88,"percentile":105},"2026-06-10",0.17743,[107],{"date":104,"score":88,"percentile":105},[109,114],{"source":92,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":110,"cvss_v4_0":9},{"baseScore":90,"baseSeverity":111,"vectorString":93,"impactScore":112,"exploitabilityScore":113},"CRITICAL",8.7,10,{"source":97,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":115,"cvss_v4_0":9},{"baseScore":90,"baseSeverity":111,"vectorString":93,"impactScore":112,"exploitabilityScore":113},[117],{"ecosystem":9,"name":118,"vendor":74,"product":119,"cpe_part":120,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":121},"Schema & Structured Data for WP & AMP","schema & structured data for wp & amp","a",[122],{"version":123,"is_range":124,"range_type":92,"version_start":9,"version_start_type":9,"version_end":125,"version_end_type":126,"fixed_in":9},"\u003C 1.60",true,"1.60","excluding"]