71 matches found
CVE-2024-39310 WordPress Basil Theme Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability
The Basil recipe theme for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the posttitle parameter in versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access...
PT-2024-28436 · WordPress · Basil +1
Name of the Vulnerable Software and Affected Versions: The Basil recipe theme for WordPress versions up to, and including, 2.0.4. Description: The issue is related to Persistent Cross-Site Scripting (XSS) via the post title parameter due to insufficient input sanitization and output escaping. This...
CVE-2024-37308 WordPress Cooked Plugin - Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability
The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the recipesettingsposttitle parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with...
CVE-2023-44477
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Boxy Studio Cooked plugin <= 1.7.13 versions...
CVE-2023-44477
CVE-2023-44477 affects Boxy Studio Cooked Plugin for WordPress, vulnerable in versions 1.7.13 to mitigate.
CVE-2023-44477 WordPress Cooked Plugin <= 1.7.13 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Boxy Studio Cooked plugin <= 1.7.13 versions...
PT-2023-29256 · Boxy Studio · Boxy Studio Cooked Plugin
Name of the Vulnerable Software and Affected Versions: Boxy Studio Cooked plugin versions <= 1.7.13. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited by contributors or users with higher privileges. There is no information...
WordPress Cooked Plugin <= 1.7.14 is vulnerable to Cross Site Scripting (XSS)
Software: Cooked; Type: Plugin; Vulnerable versions: <= 1.7.14; Fixed in: 1.7.15.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-44477; Patch priority: Low; CVSS severity: Low (6.5); PSID: ff0ba7b02ac2; Credits: thiennv; Required privilege: Contributor...
Cooked < 1.7.9.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The plugin was vulnerable to Unauthenticated Reflected Cross-Site Scripting (XSS). For clarification, this vulnerability is separate from the similar vulnerability CVE-2021-24233. PoC: The PoC will be displayed once the issue has been remediated...