
CVE-2024-0255

2024-02-05 21:21:44
Wordfence
raw.githubusercontent.com
wp recipe maker
wordpress
stored cross-site scripting
input sanitization
output escaping
user permissions

AI Score: 5.9 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 19.4%)

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wprm-recipe-text-share’ shortcode in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

