WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the ‘Recall Settings’ field in admin.php. An attacker can inject JavaScript code that will be stored and executed.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25380
Reference (s):
- https://zeroaptitude.com/misha/wordpress-plugin-bug-hunting-part-2/