38 matches found
CVE-2025-13667
The WP Recipe Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Skill Level' input field in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated...
CVE-2025-13667 WP Recipe Manager <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Skill Level' Input Field
The WP Recipe Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Skill Level' input field in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated...
CVE-2025-13667
CVE-2025-13667 affects WP Recipe Manager for WordPress (
WordPress plugin WP Recipe Manager cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripti...
PT-2026-1603
Name of the Vulnerable Software and Affected Versions: WP Recipe Manager plugin for WordPress versions prior to 1.0.1. Description: The WP Recipe Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping on...
WordPress WP Recipe Manager plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Skill Level' Input Field vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'Skill Level' Input Field vulnerability discovered by ChamlaVic in WordPress Plugin WP Recipe Manager versions <= 1.0.0...
EUVD-2024-29841
Malicious code in bioql PyPI...
EUVD-2024-29838
Malicious code in bioql PyPI...
Mealie security vulnerability
Mealie is a self-hosted recipe manager and meal planner by an individual developer in Hayden, USA. A security vulnerability exists in Mealie v2.2.0 that stems from improper object-level authorization...
CVE-2024-31994
Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, an attacker can point the image request to an arbitrarily large file. Mealie will attempt to retrieve this file in whole. If it can be retrieved, it may be stored on the file system in whole leading to possible disk...
CVE-2024-31993
Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrapeimage function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the...
CVE-2024-31992
Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safescrapehtml function utilizes a user-controlled URL to issue a request to a remote server, however these requests are not rate-limited. While there are efforts to prevent DDoS by implementing a timeout on requests, it...
CVE-2024-31991
Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safescrapehtml function utilizes a user-controlled URL to issue a request to a remote server. Based on the content of the response, it will either parse the content or disregard it. This function, nor those that call it,...
CVE-2024-31994 Mealie vulnerable to a DoS in recipe image importer (GHSL-2023-228)
Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, an attacker can point the image request to an arbitrarily large file. Mealie will attempt to retrieve this file in whole. If it can be retrieved, it may be stored on the file system in whole leading to possible disk...
CVE-2024-31994
Mealie before 1.4.0 is vulnerable to a DoS via the image importer endpoint: an attacker can point the image request to an arbitrarily large file, causing Mealie to fetch it in full. This can exhaust container memory (OOM) and may trigger container restarts or offline status; lack of rate limiting...