CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/02/27 4:33 a.m.•14 views

CVE-2026-1558

Summary of CVE-2026-1558 (WP Recipe Maker

5.3CVSS5.5AI score0.00253EPSS

Cvelist•added 2026/02/27 4:33 a.m.•18 views

CVE-2026-1558 WP Recipe Maker <= 10.3.2 - Insecure Direct Object Reference to Unauthenticated Arbitrary Post Metadata Modification via 'recipeId' Parameter

5.3CVSS0.00253EPSS

Vulnrichment•added 2026/02/27 4:33 a.m.•3 views

CVE-2026-1558 WP Recipe Maker <= 10.3.2 - Insecure Direct Object Reference to Unauthenticated Arbitrary Post Metadata Modification via 'recipeId' Parameter

5.3CVSS5.9AI score0.00253EPSS

Positive Technologies•added 2026/02/27 12:0 a.m.•4 views

PT-2026-22295

The WP Recipe Maker plugin for WordPress is vulnerable to an Insecure Direct Object Reference IDOR in versions up to, and including, 10.3.2. This is due to the /wp-json/wp-recipe-maker/v1/integrations/instacart REST API endpoint's permission callback being set to return true and a lack of...

5.3CVSS5.4AI score0.00253EPSS

Exploits0References5

CNNVD•added 2026/02/27 12:0 a.m.•7 views

WordPress plugin WP Recipe Maker 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.9AI score0.00253EPSS

Exploits0References5

Patchstack•added 2026/02/26 11:21 p.m.•6 views

WordPress WP Recipe Maker plugin <= 10.3.2 - Insecure Direct Object Reference to Unauthenticated Arbitrary Post Metadata Modification via 'recipeId' Parameter vulnerability

Insecure Direct Object Reference to Unauthenticated Arbitrary Post Metadata Modification via 'recipeId' Parameter vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin WP Recipe Maker versions = 10.3.2...

5.3CVSS5.4AI score0.00253EPSS

RedhatCVE•added 2026/02/26 10:14 a.m.•8 views

CVE-2025-14742

The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajaxsearchrecipes' and 'ajaxgetrecipe' functions in all versions up to, and including, 10.2.3. This makes it possible for authenticated attackers, with Subscriber-level...

EUVD•added 2026/02/25 12:30 p.m.•6 views

Exploits0References1

EUVD-2025-208093

Cvelist•added 2026/02/25 9:26 a.m.•21 views

Exploits0References7

CVE-2025-14742 WP Recipe Maker <= 10.2.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure

4.3CVSS0.00222EPSS

Exploits0References6

CVE•added 2026/02/25 9:26 a.m.•11 views

CVE-2025-14742

CVE-2025-14742 : The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_search_recipes and ajax_get_recipe functions in all versions up to and including 10.2.3. This allows authenticated attackers with Subscriber-level acce...

Positive Technologies•added 2026/02/25 12:0 a.m.•5 views

Exploits0References6

PT-2026-21892

Name of the Vulnerable Software and Affected Versions WP Recipe Maker versions prior to 10.2.3 Description The WP Recipe Maker plugin for WordPress has a flaw that allows unauthorized access to recipe data. This is due to a missing capability check in the ajax search recipes and ajax get recipe...

4.3CVSS5.8AI score0.00222EPSS

Exploits0References12

CNNVD•added 2026/02/25 12:0 a.m.•7 views

WordPress plugin WP Recipe Maker 安全漏洞

4.3CVSS5.8AI score0.00222EPSS

Exploits0References6

Patchstack•added 2026/02/24 11:35 p.m.•7 views

WordPress WP Recipe Maker plugin <= 10.2.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by Abhinav Jaswal wrathexe - Self employed in WordPress Plugin WP Recipe Maker versions = 10.2.3...

Nuclei•added 2026/02/12 12:4 a.m.•6 views

WP Recipe Maker <= 9.1.0 - Reflected XSS via Referer Header

The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. The Referer header value is used directly in the href attribute of the "Back"...

6.1CVSS5.5AI score0.00679EPSS

Exploits0References3

Patchstack•added 2026/02/03 3:12 p.m.•4 views

WordPress WP Recipe Maker plugin <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'group_tag' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'grouptag' vulnerability discovered by wesley wcraft in WordPress Plugin WP Recipe Maker versions = 9.1.0...

6.4CVSS5.3AI score0.00449EPSS

Patchstack•added 2026/02/03 3:11 p.m.•4 views

WordPress WP Recipe Maker plugin <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'tag' vulnerability discovered by wesley wcraft in WordPress Plugin WP Recipe Maker versions = 9.1.0...

6.4CVSS5.3AI score0.00578EPSS