cleantalk
Vulnerabilities and Security Researches

WP-Recall – Registration, Profile, Commerce & More, 622793af3b328d977b3f5341e896f387c0fdbb66

CVE, Research URL

622793af3b328d977b3f5341e896f387c0fdbb66

Home page URL

Security reports for WP-Recall – Registration, Profile, Commerce & More

Application

WP-Recall – Registration, Profile, Commerce & More

Published on
Oct 05, 2021
Research Description
WP-Recall &#8211; Registration, Profile, Commerce &amp; More [wp-recall] < 16.24.48 (closed) WP-Recall <= 16.24.47 - Reflected Cross-Site Scripting The WP-Recall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date-start' and 'end-start' parameters in versions up to, and including, 16.24.47 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
Min -, max 16.24.48.
Status
vulnerable
Previous vulnerability researches
WP-Recall &#8211; Registration, Profile, Commerce &amp; More (CVE-2025-1323) , Mar 09, 2025
WP-Recall &#8211; Registration, Profile, Commerce &amp; More (CVE-2025-1324) , Mar 09, 2025
WP-Recall &#8211; Registration, Profile, Commerce &amp; More (CVE-2025-1325) , Mar 09, 2025
WP-Recall &#8211; Registration, Profile, Commerce &amp; More (CVE-2025-1322) , Mar 09, 2025
WP-Recall &#8211; Registration, Profile, Commerce &amp; More (CVE-2024-1175) , Jul 23, 2024
New vulnerability
SMS Alert Order Notifications &#8211; WooCommerce (CVE-2025-3876) , May 11, 2025
SMS Alert Order Notifications &#8211; WooCommerce (CVE-2025-3878) , May 11, 2025
WordPress Review Plugin: The Ultimate Solution for Building a Review Website (CVE-2025-2158) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025
Contact Us By Lord Linus (CVE-2025-1382) , May 11, 2025