cleantalk
Vulnerabilities and Security Researches

WP-Recall – Registration, Profile, Commerce & More, CVE-2024-9771

CVE, Research URL

CVE-2024-9771

Home page URL

Security reports for WP-Recall – Registration, Profile, Commerce & More

Application

WP-Recall – Registration, Profile, Commerce & More

Published on
Apr 28, 2025
Research Description
The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
Min -, max 16.26.12.
Status
vulnerable
Previous vulnerability researches
Theme Blvd Sliders (CVE-2025-46456) , May 07, 2025
Theme Blvd Sliders (35e355420bff6e6fbbf1c55074e47f35e5759ac5) , Jun 07, 2024
New vulnerability
SMS Alert Order Notifications – WooCommerce (CVE-2025-3876) , May 11, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3878) , May 11, 2025
WordPress Review Plugin: The Ultimate Solution for Building a Review Website (CVE-2025-2158) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025
Contact Us By Lord Linus (CVE-2025-1382) , May 11, 2025