CVE-2025-52796 – WordPress WP-Recall Cross-site Scripting

July 4, 2025

CVE ID : CVE-2025-52796

Published : July 4, 2025, 12:15 p.m. | 2 hours ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in tggfref WP-Recall allows Reflected XSS. This issue affects WP-Recall: from n/a through 16.26.14.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-52798 – Eyecix JobSearch Cross-site Scripting

Next Article CVE-2025-52718 – Bearsthemes Alone Code Injection Vulnerability

Highlights

CVE-2025-46332 – Vercel Flags SDK Information Disclosure

May 2, 2025

CVE ID : CVE-2025-46332

Published : May 2, 2025, 5:15 p.m. | 2 hours, 14 minutes ago

Description : Flags SDK is an open-source feature flags toolkit for Next.js and SvelteKit. Impacted versions include flags from 3.2.0 and prior and @vercel/flags from 3.1.1 and prior as certain circumstances allows a bad actor with detailed knowledge of the vulnerability to list all flags returned by the flags discovery endpoint (.well-known/vercel/flags). This vulnerability allows for information disclosure, where a bad actor could gain access to a list of all feature flags exposed through the flags discovery endpoint, including the flag names, flag descriptions, available options and their labels (e.g. true, false), and default flag values. This issue has been patched in flags@4.0.0, users of flags and @vercel/flags should also migrate to flags@4.0.0.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

Laravel in the First Half of 2025

Laravel in the First Half of 2025

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

GOnnect – easy to use VoIP client

GOnnect – easy to use VoIP client

Gnuinos – spin of Devuan Linux

5 Best Free and Open Source Backend Electronic Circuit Simulators

CVE-2025-52796 – WordPress WP-Recall Cross-site Scripting

CVE-2025-23970 – Aonetheme Service Finder Booking Privilege Escalation

CVE-2025-24780 – Printcart Web to Print Product Designer for WooCommerce SQL Injection

CVE-2025-32306 – LambertGroup Radio Player Shoutcast & Icecast WordPress Plugin SQL Injection Vulnerability

Best early Prime Day monitor deals: My 20 favorite sales live now

CVE-2025-5362 – Campcodes Online Hospital Management System SQL Injection Vulnerability

If you think you can do better than Xbox or PlayStation in the Console Wars, you may just want to try out this card game

CVE-2025-46332 – Vercel Flags SDK Information Disclosure

Closing the loop on agents with test-driven development

CVE-2025-2875 – Apache Controller Resource Disclosure Vulnerability

CVE-2025-1533 – ASUS Armoury Crate App Stack Buffer Overflow

CVE-2025-52796 – WordPress WP-Recall Cross-site Scripting

Related Posts