WP-Safety

Schema Package – Structured Data & Rich Snippets Tool for SEO Security & Risk Analysis

wordpress.org/plugins/schema-package

Helps website owners automate and add versatile schema markup to their websites, enabling more informative and visually appealing search results.

100 active installs v1.0.30 PHP 7.4+ WP 5.0+ Updated Feb 22, 2026
carousel-schemajson-ldlocal-business-schemaproduct-schemarich-results
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Schema Package – Structured Data & Rich Snippets Tool for SEO Safe to Use in 2026?

Generally Safe

Score 100/100

Schema Package – Structured Data & Rich Snippets Tool for SEO has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "schema-package" plugin v1.0.30 exhibits a generally strong security posture based on the provided static analysis. The plugin demonstrates good practices by implementing capability checks for all identified REST API routes and AJAX handlers, and it exclusively uses prepared statements for SQL queries, mitigating the risk of SQL injection. Furthermore, the high percentage of properly escaped outputs suggests a good effort to prevent cross-site scripting vulnerabilities. The absence of known CVEs and a clean vulnerability history are positive indicators of the plugin's historical security reliability.

However, a significant concern arises from the presence of the `unserialize` function, which is flagged as a dangerous function. While the static analysis did not identify any direct exploitable flows involving `unserialize` or unsanitized paths in the taint analysis, its mere presence represents a potential attack vector if user-supplied data is ever unserialized without extremely robust validation. The plugin also has a moderate attack surface with 35 total entry points, though all are currently protected. A minimal number of nonce checks (2) might also be a concern if these do not cover critical operations adequately.

In conclusion, "schema-package" v1.0.30 is a well-secured plugin with excellent practices in API access control and database querying. The primary weakness lies in the use of `unserialize` without a clear indication of how its input is being handled or sanitized. This warrants careful consideration, and while the vulnerability history is clean, the presence of this dangerous function introduces a latent risk that should be monitored.

Key Concerns

  • Use of dangerous unserialize function
  • Low number of nonce checks
Vulnerabilities
None known

Schema Package – Structured Data & Rich Snippets Tool for SEO Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Schema Package – Structured Data & Rich Snippets Tool for SEO Code Analysis

Dangerous Functions
18
Raw SQL Queries
0
11 prepared
Unescaped Output
5
76 escaped
Nonce Checks
2
Capability Checks
37
File Operations
2
External Requests
7
Bundled Libraries
0

Dangerous Functions Found

unserializeif ( @unserialize( $meta[0] ) !== false ) {admin\includes\class-smpg-api-action.php:121
unserialize$post_meta[$key] = @unserialize( $meta[0] );admin\includes\class-smpg-api-action.php:122
unserialize$saved_taxonomies = unserialize($post_meta['_taxonomies'][0]);admin\includes\class-smpg-api-mapper.php:580
unserialize$saved_automation = unserialize($post_meta['_automation_with'][0]);admin\includes\class-smpg-api-mapper.php:584
unserialize$meta_data[$key] = unserialize($meta[0]);admin\includes\class-smpg-api-mapper.php:682
unserialize$automation = unserialize( $schema_data['_automation_with'][0] );json-ld\automation.php:15
unserialize$automation = unserialize( $schema_data['_automation_with'][0] );json-ld\automation.php:36
unserialize$automation = unserialize($schema_data['_automation_with'][0]);json-ld\automation.php:184
unserialize$automation = unserialize($schema_data['_automation_with'][0]);json-ld\automation.php:294
unserialize$automation = unserialize($schema_data['_automation_with'][0]);json-ld\automation.php:366
unserialize$automation = unserialize($schema_data['_automation_with'][0]);json-ld\automation.php:572
unserialize$accordion_data = unserialize(get_post_meta( get_the_ID(), 'wpsm_accordion_data', true));json-ld\automation.php:1051
unserialize$automation = unserialize($schema_data['_automation_with'][0]);json-ld\automation.php:1099
unserialize$condition = unserialize($schema_data['_enabled_on'][0]);json-ld\conditions.php:51
unserialize$condition = unserialize($schema_data['_disabled_on'][0]);json-ld\conditions.php:109
unserialize$unser_schema_data = unserialize($schema_data['_taxonomies'][0]);json-ld\conditions.php:179
unserialize$mp_values = unserialize( $schema_data['_mapped_properties_value'][0] );json-ld\mapping.php:11
unserialize$mp_keys = unserialize( $schema_data['_mapped_properties_key'][0] );json-ld\mapping.php:12

SQL Query Safety

100% prepared11 total queries

Output Escaping

94% escaped81 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<markup> (json-ld\markup.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Schema Package – Structured Data & Rich Snippets Tool for SEO Attack Surface

Entry Points35
Unprotected0

AJAX Handlers 3

authwp_ajax_smpg_send_feedbackadmin\feedback\feedback.php:196
authwp_ajax_smpg_json_ld_client_side_outputjson-ld\markup.php:72
noprivwp_ajax_smpg_json_ld_client_side_outputjson-ld\markup.php:73

REST API Routes 32

GET/wp-json/smpg-routeget-repeater-elementadmin\includes\class-smpg-api-controller.php:31
GET/wp-json/smpg-routeget-post-metaadmin\includes\class-smpg-api-controller.php:39
POST/wp-json/smpg-routeget-selected-schema-propertiesadmin\includes\class-smpg-api-controller.php:46
POST/wp-json/smpg-routesave-post-metaadmin\includes\class-smpg-api-controller.php:53
GET/wp-json/smpg-routeget-schema-loopadmin\includes\class-smpg-api-controller.php:61
POST/wp-json/smpg-routechange-post-statusadmin\includes\class-smpg-api-controller.php:69
POST/wp-json/smpg-routesave-schema-dataadmin\includes\class-smpg-api-controller.php:76
POST/wp-json/smpg-routesave-carousel-schema-dataadmin\includes\class-smpg-api-controller.php:83
POST/wp-json/smpg-routeupdate-misc-schemaadmin\includes\class-smpg-api-controller.php:90
POST/wp-json/smpg-routeupdate-settingsadmin\includes\class-smpg-api-controller.php:97
POST/wp-json/smpg-routesend-customer-queryadmin\includes\class-smpg-api-controller.php:104
POST/wp-json/smpg-routereset-settingsadmin\includes\class-smpg-api-controller.php:111
GET/wp-json/smpg-routeget-schema-dataadmin\includes\class-smpg-api-controller.php:118
GET/wp-json/smpg-routeget-carousel-schema-dataadmin\includes\class-smpg-api-controller.php:125
GET/wp-json/smpg-routeget-automation-withadmin\includes\class-smpg-api-controller.php:132
GET/wp-json/smpg-routeget-schema-propertiesadmin\includes\class-smpg-api-controller.php:139
GET/wp-json/smpg-routeget-carousel-automation-withadmin\includes\class-smpg-api-controller.php:146
GET/wp-json/smpg-routeget-plugin-listadmin\includes\class-smpg-api-controller.php:153
GET/wp-json/smpg-routeplacement-searchadmin\includes\class-smpg-api-controller.php:160
GET/wp-json/smpg-routecarousel-placement-searchadmin\includes\class-smpg-api-controller.php:167
GET/wp-json/smpg-routeget-settingsadmin\includes\class-smpg-api-controller.php:174
GET/wp-json/smpg-routeget-misc-schemaadmin\includes\class-smpg-api-controller.php:181
GET/wp-json/smpg-routeget-page-listadmin\includes\class-smpg-api-controller.php:188
GET/wp-json/smpg-routeexport-settingsadmin\includes\class-smpg-api-controller.php:195
GET/wp-json/smpg-routeget-tagsadmin\includes\class-smpg-api-controller.php:202
GET/wp-json/smpg-routeget-mapping-meta-listadmin\includes\class-smpg-api-controller.php:209
GET/wp-json/smpg-routeget-taxonomiesadmin\includes\class-smpg-api-controller.php:216
GET/wp-json/smpg-routeget-custom-fieldsadmin\includes\class-smpg-api-controller.php:223
GET/wp-json/smpg-routeget-advanced-custom-fieldsadmin\includes\class-smpg-api-controller.php:230
GET/wp-json/smpg-individual-routeget-repeater-elementadmin\includes\class-smpg-api-individual-controller.php:33
POST/wp-json/smpg-individual-routeget-selected-schema-propertiesadmin\includes\class-smpg-api-individual-controller.php:40
POST/wp-json/smpg-individual-routesave-post-metaadmin\includes\class-smpg-api-individual-controller.php:47
WordPress Hooks 42
filteradmin_footeradmin\feedback\feedback.php:24
actionadmin_enqueue_scriptsadmin\feedback\feedback.php:219
actionrest_api_initadmin\includes\class-smpg-api-controller.php:17
actionrest_api_initadmin\includes\class-smpg-api-individual-controller.php:19
actionadmin_initadmin\includes\class-smpg-individual-post.php:23
actionadmin_enqueue_scriptsadmin\includes\class-smpg-individual-post.php:24
actionshow_user_profileadmin\includes\class-smpg-individual-post.php:63
actionedit_user_profileadmin\includes\class-smpg-individual-post.php:64
actionsave_post_smpg_singular_schemaadmin\includes\setup.php:5
actionsave_post_smpg_carousel_schemaadmin\includes\setup.php:6
actionafter_delete_postadmin\includes\setup.php:7
actionplugins_loadedadmin\includes\setup.php:8
actionplugins_loadedadmin\includes\setup.php:9
actionplugins_loadedadmin\includes\setup.php:10
actionadmin_enqueue_scriptsadmin\includes\setup.php:11
actionadmin_menuadmin\includes\setup.php:602
actionin_admin_headeradmin\includes\setup.php:708
actionadmin_headadmin\includes\setup.php:752
filterimage_resize_dimensionshelper\class-smpg-aq-resize.php:90
filtersmpg_filter_faqpage_json_ldjson-ld\automation.php:7
filtersmpg_filter_course_json_ldjson-ld\automation.php:28
filtersmpg_filter_product_json_ldjson-ld\automation.php:175
filtersmpg_filter_review_json_ldjson-ld\automation.php:176
filtersmpg_filter_jobposting_json_ldjson-ld\automation.php:286
filtersmpg_filter_book_json_ldjson-ld\automation.php:358
filtersmpg_filter_faqpage_json_ldjson-ld\automation.php:564
filtersmpg_filter_product_json_ldjson-ld\automation.php:1090
actionwp_enqueue_scriptsjson-ld\markup.php:47
actiongraphql_register_typesjson-ld\markup.php:78
actionrest_api_initjson-ld\markup.php:133
actioninitjson-ld\markup.php:176
actionwp_headjson-ld\markup.php:189
filtertribe_json_ld_event_datajson-ld\markup.php:476
filterwp_postratings_schema_itemtypejson-ld\markup.php:479
filterwp_postratings_google_structured_datajson-ld\markup.php:480
actionrank_math/json_ldjson-ld\markup.php:483
filteraioseo_schema_disablejson-ld\markup.php:486
filterwpseo_json_ld_outputjson-ld\markup.php:489
filterthe_seo_framework_receive_json_datajson-ld\markup.php:493
filtersq_json_ldjson-ld\markup.php:496
filterwds-schema-datajson-ld\markup.php:499
actionwp_headjson-ld\markup.php:502
Maintenance & Trust

Schema Package – Structured Data & Rich Snippets Tool for SEO Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 22, 2026
PHP min version7.4
Downloads4K

Community Trust

Rating96/100
Number of ratings19
Active installs100
Alternatives

Schema Package – Structured Data & Rich Snippets Tool for SEO Alternatives

Pointalize FAQ Markup

Pointalize FAQ Markup

pointalize-faq-markup

A
100

Automatically adds FAQPage JSON-LD markup to WordPress posts and pages for Google Rich Results.

10 No CVEs
Schema

Schema

schema

A
100

Get the next generation of Schema Structured Data to enhance your WordPress site presentation in Google search results.

40K No CVEs
FAQ Schema For Pages And Posts

FAQ Schema For Pages And Posts

faq-schema-for-pages-and-posts

A
85

FAQ Schema For Pages And Posts by Krystian Szastok Founder of RobotZebra - a London based SEO agency, allows you to turn questions and answers on your &hellip;

8K No CVEs
Schema App Structured Data

Schema App Structured Data

schema-app-structured-data-for-schemaorg

A
97

Get Schema.org structured data for all pages, posts, categories and profile pages on activation. Use Schema App to customize any Schema Markup.

7K 4 CVEs
Local Business Schema (JSON-LD) Lite

Local Business Schema (JSON-LD) Lite

wpspeed-localbusiness-schema

A
100

Boost Local SEO with Smart Local Business Schema JSON-LD

3K No CVEs
Developer Profile

Schema Package – Structured Data & Rich Snippets Tool for SEO Developer Profile

amanstacker

3 plugins · 100 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Schema Package – Structured Data & Rich Snippets Tool for SEO

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/schema-package/json-ld/mapping.php/wp-content/plugins/schema-package/json-ld/generate.php/wp-content/plugins/schema-package/json-ld/individual-post.php/wp-content/plugins/schema-package/json-ld/markup.php/wp-content/plugins/schema-package/json-ld/conditions.php/wp-content/plugins/schema-package/json-ld/automation.php/wp-content/plugins/schema-package/helper/class-smpg-aq-resize.php/wp-content/plugins/schema-package/helper/class-youtube-data-api.php+10 more

HTML / DOM Fingerprints

CSS Classes
smpg-dp-headersmpg-fd-stop-deactivationsmpg-dp-bodysmpg-dp-reasonssmpg-feedback-notesmpg-d-nonesmpg-dp-footersmpg-only-deactivate+1 more
Data Attributes
data-id="smpg-reason3"data-id="smpg-reason4"data-id="smpg-reason5"data-id="smpg-reason6"
FAQ

Frequently Asked Questions about Schema Package – Structured Data & Rich Snippets Tool for SEO