Cross Site Scripting Vulnerability in WordPress Plugin Store by Mike Rooijackers
CVE-2020-25380

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Recall-products
Vendor: CVE Published:; 14 September 2020

What is CVE-2020-25380?

The Recall Products plugin for WordPress, developed by Mike Rooijackers, contains a Cross Site Scripting (XSS) vulnerability in the 'Recall Settings' field of admin.php. This flaw allows attackers to inject and store malicious JavaScript code, which can execute in the context of the admin interface. When exploited, this vulnerability could effectively compromise administrative functionality, leading to further security risks within the WordPress environment.

References

https://zeroaptitude.com/misha/wordpress-plugin-bug-hunti...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 14, 2020
Vulnerability Reserved
Sep 14, 2020

Wordpress

What is CVE-2020-25380?

References

CVSS V3.1

Timeline