Plechevandrey

Wp-recall

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2024-9771

Exploit
  • EPSS 0.17%
  • Veröffentlicht 28.04.2025 06:15:16
  • Zuletzt bearbeitet 29.04.2025 21:09:36

The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo...

4.7

CVE-2024-9770

Exploit
  • EPSS 0.08%
  • Veröffentlicht 25.03.2025 06:00:13
  • Zuletzt bearbeitet 29.04.2025 17:24:12

The WP-Recall WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

9.8

CVE-2025-1323

  • EPSS 53.21%
  • Veröffentlicht 08.03.2025 10:15:11
  • Zuletzt bearbeitet 12.03.2025 16:24:59

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection via the 'databeat' parameter in all versions up to, and including, 16.26.10 due to insufficient escaping on the user supplied parameter and lac...

5.4

CVE-2025-1324

  • EPSS 0.03%
  • Veröffentlicht 08.03.2025 10:15:11
  • Zuletzt bearbeitet 24.03.2025 18:13:16

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'public-form' shortcode in all versions up to, and including, 16.26.10 due to insufficient input sanitization an...

6.3

CVE-2025-1325

  • EPSS 0.09%
  • Veröffentlicht 08.03.2025 10:15:11
  • Zuletzt bearbeitet 24.03.2025 18:12:02

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to arbitrary shortcode execution due to a missing capability check on the 'rcl_preview_post' AJAX endpoint in all versions up to, and including, 16.26.10. This ...

4.3

CVE-2025-1322

  • EPSS 0.11%
  • Veröffentlicht 08.03.2025 10:15:10
  • Zuletzt bearbeitet 13.03.2025 13:01:31

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included....

9.8

CVE-2024-8292

  • EPSS 0.85%
  • Veröffentlicht 06.09.2024 07:15:03
  • Zuletzt bearbeitet 12.09.2024 12:37:18

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. This is due to to plugin not properly verifying a user's identity during...

5.4

CVE-2024-35657

  • EPSS 0.09%
  • Veröffentlicht 08.06.2024 16:15:08
  • Zuletzt bearbeitet 21.11.2024 09:20:35

Cross-Site Request Forgery (CSRF) vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.6.

5.3

CVE-2024-1175

  • EPSS 0.22%
  • Veröffentlicht 06.06.2024 04:15:11
  • Zuletzt bearbeitet 21.11.2024 08:49:58

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all versions up to, and including, 16.26.6. This makes it pos...

9.3

CVE-2024-32709

  • EPSS 90.25%
  • Veröffentlicht 24.04.2024 08:15:38
  • Zuletzt bearbeitet 21.11.2024 09:15:31

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5.