4 matches found
CVE-2025-1324
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'public-form' shortcode in all versions up to, and including, 16.26.10 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2025-1324
creationtimestamp| type| source ---|---|--- 2025-03-08 09:36:04+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6940 2025-03-08 12:35:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ljujwouqxy2x 2025-03-08 13:30:56+00:00| seen| https://t.me/cvedetector/19894 2025-03-08...
CVE-2025-1324 WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'public-form' shortcode in all versions up to, and including, 16.26.10 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2025-1324
CVE-2025-1324 affects the WordPress plugin WP-Recall – Registration, Profile, Commerce & More. It describes a Stored Cross-Site Scripting via the plugin’s shortcode public-form in all versions up to 16.26.10, caused by insufficient input sanitization and output escaping on user-provided attribute...