WP-Recall – Plugin <= 16.26.10 - Unauthenticated SQL Injection

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection via the 'databeat' parameter in all versions up to, and including, 16.26.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

WP-Recall <= 16.26.5 - SQL Injection

The WP-Recall Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 16.26.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

CVE-2025-1325

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to arbitrary shortcode execution due to a missing capability check on the 'rclpreviewpost' AJAX endpoint in all versions up to, and including, 16.26.10. This makes it possible for authenticated attackers, wi...

CVE-2025-1323

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection via the 'databeat' parameter in all versions up to, and including, 16.26.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

EUVD-2025-17230

Malicious code in bioql PyPI...

EUVD-2025-6292

Malicious code in bioql PyPI...

EUVD-2025-13742

Malicious code in bioql PyPI...

EUVD-2024-35416

Malicious code in bioql PyPI...

EUVD-2024-30497

Malicious code in bioql PyPI...

EUVD-2025-19996

Malicious code in bioql PyPI...

EUVD-2024-30406

Malicious code in bioql PyPI...

EUVD-2024-54439

Malicious code in bioql PyPI...

EUVD-2024-54539

Malicious code in bioql PyPI...

EUVD-2025-28344

Malicious code in bioql PyPI...

CVE-2025-52796

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tggfref WP-Recall allows Reflected XSS. This issue affects WP-Recall: from n/a through 16.26.14...

CVE-2025-52796

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tggfref WP-Recall allows Reflected XSS. This issue affects WP-Recall: from n/a through 16.26.14...

CVE-2025-52796 WordPress WP-Recall <= 16.26.14 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tggfref WP-Recall allows Reflected XSS. This issue affects WP-Recall: from n/a through 16.26.14...

CVE-2025-52796 WordPress WP-Recall <= 16.26.14 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tggfref WP-Recall allows Reflected XSS. This issue affects WP-Recall: from n/a through 16.26.14...

CVE-2025-52796

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tggfref WP-Recall allows Reflected XSS. This issue affects WP-Recall: from n/a through 16.26.14...

CVE-2025-52796

CVE-2025-52796 describes a Cross-Site Scripting (XSS) vulnerability in WordPress WP-Recall (versions up to 16.26.14). Root cause: improper input neutralization during web page generation. Affected software: WP-Recall