WordPress Plugin Vulnerabilities

WP-Recall < 16.24.48 - Reflected Cross-Site Scripting

Description

The plugin does not escape some filters parameters before outputting them back in attributes when the Commerce add-on is active, leading to Reflected Cross-Site Scripting issues

Proof of Concept

Affects Plugins

Plugin icon
wp-recall
Fixed in 16.24.48

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.5 (high)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
29b1bc54-eb51-4061-82d6-bba0404d00c0

Timeline

Publicly Published
2021-10-05 (about 4 years ago)
Added
2021-10-05 (about 4 years ago)
Last Updated
2021-10-05 (about 4 years ago)

Other

Published
Title
Published
2023-06-26
Title
TheRoof < 1.0.4 - Unauthenticated Reflected XSS
Published
2024-07-08
Title
Email Encoder < 2.2.2 - Admin+ Stored XSS
Published
2015-08-13
Title
All In One WP Security & Firewall <= 3.9.7 - Unauthenticated Cross-Site Scripting (XSS)
Published
2024-11-04
Title
NextGEN Gallery < 3.59.5 - Admin+ Stored XSS
Published
2024-10-21
Title
Risk Warning Bar <= 1.0 - Reflected Cross-Site Scripting