PT-2020-16075 · Mike Rooijackers · Recall Products
Published: 2020-09-14 · Updated: 2024-02-14 · CVE-2020-25380
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
WordPress Plugin Store / Mike Rooijackers Recall Products version 0.8
Description
The issue allows Cross-Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that will be stored and executed.
Recommendations
For version 0.8, as a temporary workaround, consider disabling the 'Recall Settings' field in admin.php until a patch is available. Restrict access to the admin.php page to minimize the risk of exploitation. Avoid using the 'Recall Settings' field until the issue is resolved.
Exploit
Fix
XSS
Affected Products
Recall Products