Vulnerability CVE-2024-1175


Published: 2024-06-06

Description:
The WP-Recall ?? Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete arbitrary payments.

 References:
https://www.wordfence.com/threat-intel/vulnerabilities/id/6b84b13a-b46c-48fc-a7a8-de32c575d576?source=cve
https://wordpress.org/plugins/wp-recall/

Copyright 2026, cxsecurity.com

 

Back to Top