CVE-2025-1322

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attac...

CVE-2024-9770

The WP-Recall WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks