WordPress WPRecovery plugin <= 2.0 - Unauthenticated SQL Injection to Arbitrary File Deletion vulnerability
Unauthenticated SQL Injection to Arbitrary File Deletion vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WPRecovery versions <= 2.0...
CVE-2025-10726 WPRecovery <= 2.0 - Unauthenticated SQL Injection to Arbitrary File Deletion
The WPRecovery plugin for WordPress is vulnerable to SQL Injection via the 'dataid' parameter in all versions up to, and including, 2.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
PT-2025-40475
Name of the Vulnerable Software and Affected Versions: WPRecovery versions prior to 2.1 Description: The WPRecovery plugin for WordPress is affected by a SQL Injection issue due to insufficient input validation and preparation of SQL queries. Specifically, the dataid parameter is vulnerable. This...
CVE-2023-3221
User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database...
Design/Logic Flaw
User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database...
CVE-2023-3222 Vulnerability in the password recovery mechanism of Roundcube Password Recovery Plugin
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user's password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values...
Roundcube Password Recovery plugin security vulnerability
Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A security vulnerability exists in the Roundcube Password Recovery plugin version 1.2, which stems from a user enumeration vulnerability that could allo...
PT-2023-23662 · Roundcube · Roundcube Password Recovery Plugin
Name of the Vulnerable Software and Affected Versions: Roundcube Password Recovery plugin version 1.2 Description: The issue allows a remote attacker to create a test script against the password recovery function to enumerate all users in the database. This is a user enumeration vulnerability in...