The root cert for www.schrauger.com is StartCom Certificate Authority. Isn't it their (StartCom's) responsibility to make sure the owner of Certification Authority of WoSign (the next cert in the chain) is acting in accord with some terms and conditions? Secondly, should the browser vendors remove StartCom CA as a trusted root? Do they not do that because all the StsrtSSL sites would break? Fine with me, personally.
WoSign is included as a root certificate. When they first started, they weren't in all browser stores, so StartCom cross-signed their root certificate.
That way, WoSign could create certificates while they waited for browsers to update with their root certificate. It also helps for legacy/embedded systems that don't get updates, since StartCom has existed far longer. Due to the cross-sign, all WoSign certificates are still compatible.
IIRC not in this case because WoSign had been accepted as a root, it just wasn't in all browsers yet. LetsEncrypt went through the same process -- it was accepted, but it takes time for root store updates to reach all consumers so in the meantime it was cross signed by some other ca. That ca has no responsibility here, since letsencrypt was itself accepted as a CA and was a peer (and is thus fully responsible for its own actions)
[Edited to clarify who "their" meant]