Recall-Products Project: Security Vulnerabilities
Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query.
CVSS Score
8.8
EPSS Score
0.024
Published
2020-09-14
Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that will be stored and executed.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-09-14