{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T14:09:07.112","vulnerabilities":[{"cve":{"id":"CVE-2025-1322","sourceIdentifier":"security@wordfence.com","published":"2025-03-08T10:15:10.583","lastModified":"2025-03-13T13:01:31.400","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to view data from password protected, private, or draft posts that they should not have access to."},{"lang":"es","value":"El complemento WP-Recall – Registration, Profile, Commerce & More para WordPress es vulnerable a la exposición de información en todas las versiones hasta la 16.26.10 incluida a través del código abreviado \"feed\" debido a restricciones insuficientes sobre qué publicaciones se pueden incluir. Esto permite que atacantes no autenticados vean datos de publicaciones protegidas con contraseña, privadas o en borrador a las que no deberían tener acceso."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:plechevandrey:wp-recall:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"16.26.12","matchCriteriaId":"E39CB4E3-D118-4652-8317-06A6DD1FD41D"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3250094/wp-recall/trunk/add-on/rcl-chat/core.php","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c667be65-e6d3-40e1-aeec-384d309fde3d?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]}]}}]}