WP-Recall <= 16.26.5 - SQL Injection

The WP-Recall Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 16.26.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

CVE-2025-1325

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to arbitrary shortcode execution due to a missing capability check on the 'rclpreviewpost' AJAX endpoint in all versions up to, and including, 16.26.10. This makes it possible for authenticated attackers, wi...

CVE-2025-1323

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection via the 'databeat' parameter in all versions up to, and including, 16.26.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

EUVD-2024-54439

Malicious code in bioql PyPI...

EUVD-2025-6292

Malicious code in bioql PyPI...

WordPress plugin WP-Recall 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

CVE-2025-49991 WordPress WP-Recall plugin <= 16.26.14 - Broken Access Control Vulnerability

Missing Authorization vulnerability in tggfref WP-Recall allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-Recall: from n/a through 16.26.14...

CVE-2025-30981 WordPress WP-Recall plugin <= 16.26.14 - CSRF to Privilege Escalation vulnerability

Cross-Site Request Forgery CSRF vulnerability in tggfref WP-Recall allows Privilege Escalation. This issue affects WP-Recall: from n/a through 16.26.14...

WordPress plugin WP-Recall 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site...

Exploit for SQL Injection in Plechevandrey Wp-Recall

cve-2025-1323 WP-Recall Plugin SQL Injection ⚠️ Legal Dis...

CVE-2024-9771

The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9771

The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9771 WP-Recall < 16.26.12 - Admin+ Stored XSS

The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9771

CVE-2024-9771 affects the WP-Recall WordPress plugin (versions prior to 16.26.12). It enables Stored XSS by privileged users (e.g., Admin) due to improper sanitisation/escap​ing of settings, even when unfiltered_html is disallowed. Impact per available sources is stored XSS with low CVSS base of ...

CVE-2024-9771 WP-Recall < 16.26.12 - Admin+ Stored XSS

The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin WP-Recall 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2024-9770

The WP-Recall WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...

WordPress WP-Recall plugin < 16.26.12 - Admin+ SQL Injection vulnerability

Admin+ SQL Injection vulnerability discovered by y4ng0615 in WordPress Plugin WP-Recall versions 16.26.12...

CVE-2024-9770

The WP-Recall WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...

CVE-2024-9770

The WP-Recall WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...