cleantalk
Vulnerabilities and Security Researches

WP-Recall – Registration, Profile, Commerce & More, CVE-2024-1175

CVE, Research URL

CVE-2024-1175

Home page URL

Security reports for WP-Recall – Registration, Profile, Commerce & More

Application

WP-Recall – Registration, Profile, Commerce & More

Published on
Jun 06, 2024
Research Description
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete arbitrary payments.
Affected versions
Min -, max 16.26.6.
Status
vulnerable
Previous vulnerability researches
WP-Recall – Registration, Profile, Commerce & More (CVE-2025-1323) , Mar 09, 2025
WP-Recall – Registration, Profile, Commerce & More (CVE-2025-1324) , Mar 09, 2025
WP-Recall – Registration, Profile, Commerce & More (CVE-2025-1325) , Mar 09, 2025
WP-Recall – Registration, Profile, Commerce & More (CVE-2025-1322) , Mar 09, 2025
WP-Recall – Registration, Profile, Commerce & More (CVE-2024-1175) , Jul 23, 2024
New vulnerability
BMI Adult & Kid Calculator (CVE-2025-47618) , May 12, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3876) , May 11, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3878) , May 11, 2025
WordPress Review Plugin: The Ultimate Solution for Building a Review Website (CVE-2025-2158) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025