Cross Site Scripting Vulnerability in WordPress Plugin Store by Mike Rooijackers
CVE-2020-25380

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Recall-products
Vendor: CVE Published:; 14 September 2020

What is CVE-2020-25380?

The Recall Products plugin for WordPress, developed by Mike Rooijackers, contains a Cross Site Scripting (XSS) vulnerability in the 'Recall Settings' field of admin.php. This flaw allows attackers to inject and store malicious JavaScript code, which can execute in the context of the admin interface. When exploited, this vulnerability could effectively compromise administrative functionality, leading to further security risks within the WordPress environment.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://zeroaptitude.com/misha/wordpress-plugin-bug-hunti...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 14, 2020
Vulnerability Reserved
Sep 14, 2020

JSON

Wordpress

What is CVE-2020-25380?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.