12 matches found
CVE-2026-35045
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batchupdate/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in that Space, including recipes marked as private by...
CVE-2026-35045
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batchupdate/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in that Space, including recipes marked as private by...
CVE-2026-35045 Tandoor Recipes Affected by Private Recipe Exposure and Unauthorized Modification
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batchupdate/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in that Space, including recipes marked as private by...
EUVD-2026-19388
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batchupdate/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in that Space, including recipes marked as private by...
Tandoor Recipes 安全漏洞
Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.4 contained security vulnerabilities. These vulnerabilities stemmed from a bypass of object-level authorization checks at the PU...
PT-2026-30684
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batch update/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in that Space, including recipes marked as private b...
CVE-2025-14742
The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajaxsearchrecipes' and 'ajaxgetrecipe' functions in all versions up to, and including, 10.2.3. This makes it possible for authenticated attackers, with Subscriber-level...
EUVD-2025-208093
The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajaxsearchrecipes' and 'ajaxgetrecipe' functions in all versions up to, and including, 10.2.3. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-14742
The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajaxsearchrecipes' and 'ajaxgetrecipe' functions in all versions up to, and including, 10.2.3. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-14742
The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajaxsearchrecipes' and 'ajaxgetrecipe' functions in all versions up to, and including, 10.2.3. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-14742
CVE-2025-14742 : The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_search_recipes and ajax_get_recipe functions in all versions up to and including 10.2.3. This allows authenticated attackers with Subscriber-level acce...
PT-2026-21892
Name of the Vulnerable Software and Affected Versions WP Recipe Maker versions prior to 10.2.3 Description The WP Recipe Maker plugin for WordPress has a flaw that allows unauthorized access to recipe data. This is due to a missing capability check in the ajax search recipes and ajax get recipe...