6 matches found
CVE-2026-15099
The Delicious Recipes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'steps' block attribute in versions up to, and including, 1.10.2. This is due to insufficient input sanitization and output escaping in the wrapdirectiontext function, which interpolates the...
CVE-2026-15099
The CVE-2026-15099 instance concerns the Delicious Recipes WordPress plugin (
CVE-2025-11755 Delicious Recipes <= 1.9.0 - Authenticated (Contributor+) Arbitrary File Upload
The WP Delicious – Recipe Plugin for Food Bloggers formerly Delicious Recipes plugin for WordPress is vulnerable to arbitrary file uploads when importing recipes via CSV in all versions up to, and including, 1.9.0. This flaw allows an attacker with at least Contributor-level permissions to upload...
CVE-2025-11755
The CVE-2025-11755 entry concerns the WP Delicious – Recipe Plugin for WordPress (formerly Delicious Recipes) with vulnerable CSV import handling up to version 1.9.0. Connected sources confirm an Authenticated (Contributor+) Arbitrary File Upload flaw: an attacker with low privileges can supply a...
CVE-2025-11755 Delicious Recipes <= 1.9.0 - Authenticated (Contributor+) Arbitrary File Upload
The WP Delicious – Recipe Plugin for Food Bloggers formerly Delicious Recipes plugin for WordPress is vulnerable to arbitrary file uploads when importing recipes via CSV in all versions up to, and including, 1.9.0. This flaw allows an attacker with at least Contributor-level permissions to upload...
CVE-2024-43935
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WP Delicious Delicious Recipes – WordPress Recipe Plugin allows Stored XSS.This issue affects Delicious Recipes – WordPress Recipe Plugin: from n/a through 1.6.7...