71 matches found
CVE-2024-39682
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access and above...
CVE-2023-44477
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Boxy Studio Cooked plugin = 1.7.13 versions...
WordPress Cooked Plugin <= 1.8.0 is vulnerable to Cross Site Scripting (XSS)
Software Cooked Type Plugin Vulnerable versions = 1.8.0 Fixed in 1.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-41816 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 18a7c8d0faab Credits re-alter Required privilege Subscriber...
CVE-2024-41816
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting XSS via the ‘cooked-timer’ shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This vulnerability allows authenticate...
CVE-2024-41816 WordPress Cooked Plugin Persistent Cross-Site Scripting via Shortcode
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting XSS via the ‘cooked-timer’ shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This vulnerability allows authenticate...
CVE-2024-41816 WordPress Cooked Plugin Persistent Cross-Site Scripting via Shortcode
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting XSS via the ‘cooked-timer’ shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This vulnerability allows authenticate...
CVE-2024-41816 WordPress Cooked Plugin Persistent Cross-Site Scripting via Shortcode
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting XSS via the ‘cooked-timer’ shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This vulnerability allows authenticate...
WordPress plugin Cooked 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress Cooked Plugin <= 1.7.15.4 - Authenticated (Contributor+) HTML Injection via Recipe Excerpt vulnerability
Authenticated Contributor+ HTML Injection via Recipe Excerpt vulnerability discovered by RE-ALTER in WordPress Plugin Cooked versions = 1.7.15.4...
WordPress Cooked plugin <= 1.7.15.4 - Multiple Cross Site Request Forgery (CSRF) vulnerability
Multiple Cross Site Request Forgery CSRF vulnerability discovered by RE-ALTER in WordPress Plugin Cooked versions = 1.7.15.4...
CVE-2024-39682
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access and above...
CVE-2024-39679
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users...
CVE-2024-39680
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users...
CVE-2024-39681
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users...
WordPress Cooked Plugin <= 1.7.15.4 is vulnerable to Content Injection
Software Cooked Type Plugin Vulnerable versions = 1.7.15.4 Fixed in 1.8.0 OWASP Top 10 A3: Injection Classification Content Injection CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 96527670dc1c Credits RE-ALTER Required privilege Contributor Published 18 July, 202...
WordPress Cooked Plugin <= 1.7.15.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Cooked Type Plugin Vulnerable versions = 1.7.15.4 Fixed in 1.8.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c2e4cdac6c1e Credits RE-ALTER Required privilege...
CVE-2024-39682
CVE-2024-39682 affects the Cooked – Recipe Management WordPress plugin. It enables HTML Injection due to insufficient input sanitization and output escaping in versions up to and including 1.7.15.4. Exploitation requires authenticated access at contributor level or higher, and injected HTML would...
CVE-2024-39682 WordPress Cooked Plugin - Authenticated (Contributor+) HTML Injection via Recipe Excerpt
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access and above...
CVE-2024-39682 WordPress Cooked Plugin - Authenticated (Contributor+) HTML Injection via Recipe Excerpt
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access and above...
CVE-2024-39682 WordPress Cooked Plugin - Authenticated (Contributor+) HTML Injection via Recipe Excerpt
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access and above...