RSS   Vulnerabilities for 'Recall-products'   RSS

2020-09-14
 
CVE-2020-25380

CWE-79
 

 
Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that will be stored and executed.

 
 
CVE-2020-25379

CWE-89
 

 
Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query.

 


Copyright 2024, cxsecurity.com

 

Back to Top