cleantalk
Vulnerabilities and Security Researches

WP-Recall – Registration, Profile, Commerce & More, CVE-2024-9771

CVE, Research URL

CVE-2024-9771

Home page URL

Security reports for WP-Recall – Registration, Profile, Commerce & More

Application

WP-Recall – Registration, Profile, Commerce & More

Published on
Apr 28, 2025
Research Description
The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
Min -, max 16.26.12.
Status
vulnerable
Previous vulnerability researches
Elite crypto checkout (5168e230bf164d8e0ebd8f95ccf9add5694cd07c) , Jun 07, 2024
Cryptocurrency Product for WooCommerce (59be8784a762f909def4834a3e75edf09048c69a) , Jun 07, 2024
Cryptocurrency Product for WooCommerce (CVE-2022-4974) , Nov 15, 2024
Crypto (CVE-2024-9990) , Oct 30, 2024
Crypto (CVE-2024-9989) , May 07, 2025
New vulnerability
SMS Alert Order Notifications – WooCommerce (CVE-2025-3876) , May 11, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3878) , May 11, 2025
WordPress Review Plugin: The Ultimate Solution for Building a Review Website (CVE-2025-2158) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025
Contact Us By Lord Linus (CVE-2025-1382) , May 11, 2025