PT-2025-10429 · WordPress · Wp-Recall

Krzysztof Zając

Published

2025-03-08

Updated

2025-03-13

CVE-2025-1322

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions WP-Recall – Registration, Profile, Commerce & More plugin for WordPress versions up to, and including, 16.26.10

Description The issue allows unauthenticated attackers to view data from password-protected, private, or draft posts due to insufficient restrictions on which posts can be included via the 'feed' shortcode.

Recommendations For WP-Recall – Registration, Profile, Commerce & More plugin for WordPress versions up to, and including, 16.26.10, consider disabling the feed shortcode until a patch is available to prevent information exposure.

Fix

Path traversal

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-200

Related Identifiers

CVE-2025-1322

Affected Products

Wp-Recall

PT-2025-10429 · WordPress · Wp-Recall

CVE-2025-1322

Weakness Enumeration

Related Identifiers

Affected Products

References · 12