Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:16 a.m.12 views

CVE-2025-1325

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to arbitrary shortcode execution due to a missing capability check on the 'rclpreviewpost' AJAX endpoint in all versions up to, and including, 16.26.10. This makes it possible for authenticated attackers, wi...

6.3CVSS7.5AI score0.0031EPSS
Exploits0References1
NVD
NVD
added 2025/03/08 10:15 a.m.13 views

CVE-2025-1325

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to arbitrary shortcode execution due to a missing capability check on the 'rclpreviewpost' AJAX endpoint in all versions up to, and including, 16.26.10. This makes it possible for authenticated attackers, wi...

6.3CVSS0.0031EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/08 9:22 a.m.10 views

CVE-2025-1325 WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Exeuction

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to arbitrary shortcode execution due to a missing capability check on the 'rclpreviewpost' AJAX endpoint in all versions up to, and including, 16.26.10. This makes it possible for authenticated attackers, wi...

6.3CVSS6.4AI score0.0031EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/08 9:22 a.m.23 views

CVE-2025-1325 WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Exeuction

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to arbitrary shortcode execution due to a missing capability check on the 'rclpreviewpost' AJAX endpoint in all versions up to, and including, 16.26.10. This makes it possible for authenticated attackers, wi...

6.3CVSS0.0031EPSS
Exploits0References2
Rows per page
Query Builder