CVE-2026-25344
Received Received - Intake
Information Exposure in RadiusTheme Review Schema

Publication date: 2026-03-25

Last updated on: 2026-03-26

Assigner: Patchstack

Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.This issue affects Review Schema: from n/a through <= 2.2.6.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-03-26
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25344
EUVD
EUVD-2026-15657
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
radiustheme review_schema to 2.2.6 (inc)
radius_theme review_schema to 2.2.6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-497 The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-25344 is a vulnerability in the WordPress Review Schema Plugin versions up to and including 2.2.6 that allows exposure of sensitive system information to unauthorized users.

Specifically, malicious actors with subscriber or developer privileges can retrieve embedded sensitive data that should normally be restricted.

This vulnerability is classified under the OWASP Top 10 category A3: Sensitive Data Exposure and has a moderate severity level with a CVSS score of 6.5.

Impact Analysis

The vulnerability allows users with subscriber or developer privileges to access sensitive information that should be protected.

This exposure could potentially enable further exploitation of the system by attackers.

Although the impact is considered low priority and exploitation is unlikely, such vulnerabilities are often targeted in mass-exploit campaigns affecting many websites regardless of their popularity.

Users are strongly advised to update to version 2.2.7 or later of the plugin to mitigate this risk.

Detection Guidance

This vulnerability affects WordPress sites using the Review Schema Plugin version 2.2.6 or earlier. Detection involves identifying if your system is running a vulnerable version of this plugin.

You can check the installed plugin version by running commands on your server or through the WordPress admin interface.

  • Using WP-CLI: wp plugin list | grep review-schema
  • Manually checking the plugin version in the WordPress admin dashboard under Plugins.

Since the vulnerability requires subscriber or developer privileges to exploit, monitoring for unusual access or privilege escalations related to these roles may also help detect exploitation attempts.

Mitigation Strategies

The primary and immediate mitigation step is to update the Review Schema Plugin to version 2.2.7 or later, where the vulnerability has been patched.

Additionally, consider implementing auto-updates for vulnerable plugins to ensure rapid protection against similar issues in the future.

Limit subscriber and developer privileges to trusted users only, as the vulnerability requires these roles to be exploited.

Compliance Impact

The vulnerability in the Review Schema Plugin allows unauthorized access to sensitive system information by users with subscriber or developer privileges. Exposure of sensitive data can lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require strict controls on access to personal and sensitive information.

Although the impact is considered low priority and unlikely to be exploited, the presence of such a vulnerability increases the risk of data breaches, which can result in regulatory penalties and loss of trust. Therefore, organizations using the affected plugin versions should update to the patched version 2.2.7 or later to maintain compliance with common standards and regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25344. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart