CVE-2025-1322

Medium CVSS: 4.3

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to view data from password protected, private, or draft posts that they should not have access to.

Vendor

Plechevandrey

Product

Wp-recall

CWE

CWE-200

Yayın Tarihi

2025-03-08 10:15:10

Güncelleme

2025-03-13 13:01:31

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-200 Wp-recall MEDIUM Plechevandrey 2025

Referanslar

https://plugins.trac.wordpress.org/changeset/3250094/wp-recall/trunk/add-on/rcl-chat/core.php https://www.wordfence.com/threat-intel/vulnerabilities/id/c667be65-e6d3-40e1-aeec-384d309fde3d?source=cve

Benzer Kayıtlar

Low

CVE-2024-9771

The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow hig…

Medium

CVE-2024-9770

The WP-Recall WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statem…

High

CVE-2025-1323

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection via the 'data…

Medium

CVE-2025-1324

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting…

Medium

CVE-2025-1325

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to arbitrary shortcode executi…