CVE-2025-1322
CVE-2025-1322
Título es
CVE-2025-1322
Sáb, 08/03/2025 – 10:15
Tipo
CWE-200
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2025-1322
Descripción en
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to view data from password protected, private, or draft posts that they should not have access to.
08/03/2025
08/03/2025
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Gravedad 3.1 (CVSS 3.1 Base Score)
4.30
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM
Referencias
https://plugins.trac.wordpress.org/changeset/3250094/wp-recall/trunk/add-on/rcl-chat/core.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/c667be65-e6d3-40e1-aeec-384d309fde3d?source=cve
Enviar en el boletín
Off
