cleantalk
Vulnerabilities and Security Researches

WP-Recall – Registration, Profile, Commerce & More, CVE-2025-1325

CVE, Research URL

CVE-2025-1325

Home page URL

Security reports for WP-Recall – Registration, Profile, Commerce & More

Application

WP-Recall – Registration, Profile, Commerce & More

Published on
Mar 08, 2025
Research Description
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to arbitrary shortcode execution due to a missing capability check on the 'rcl_preview_post' AJAX endpoint in all versions up to, and including, 16.26.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.
Affected versions
Min -, max 16.26.12.
Status
vulnerable
Previous vulnerability researches
WP-Recall – Registration, Profile, Commerce & More (CVE-2025-1323) , Mar 09, 2025
WP-Recall – Registration, Profile, Commerce & More (CVE-2025-1324) , Mar 09, 2025
WP-Recall – Registration, Profile, Commerce & More (CVE-2025-1325) , Mar 09, 2025
WP-Recall – Registration, Profile, Commerce & More (CVE-2025-1322) , Mar 09, 2025
WP-Recall – Registration, Profile, Commerce & More (CVE-2024-1175) , Jul 23, 2024
New vulnerability
BMI Adult & Kid Calculator (CVE-2025-47618) , May 12, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3876) , May 11, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3878) , May 11, 2025
WordPress Review Plugin: The Ultimate Solution for Building a Review Website (CVE-2025-2158) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025