CVE-2025-62989 WordPress Cooked plugin <= 1.11.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Gora Tech Cooked cooked allows Stored XSS.This issue affects Cooked: from n/a through = 1.11.3...

CVE-2025-68586 WordPress Cooked plugin <= 1.11.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Gora Tech Cooked cooked allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cooked: from n/a through = 1.11.2...

CVE-2025-68586 WordPress Cooked plugin <= 1.11.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Gora Tech Cooked cooked allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cooked: from n/a through = 1.11.3...

CVE-2025-68586

CVE-2025-68586 describes a Missing Authorization vulnerability in the Cooked (WordPress) plugin, affecting Cooked: from n/a through

WordPress Cooked plugin <= 1.11.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Cooked versions = 1.11.3...

CVE-2024-49290 WordPress Cooked Pro plugin < 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery.This issue affects Cooked Pro: from n/a before 1.8.0...

WordPress Cooked Pro plugin < 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by RE-ALTER Patchstack Alliance in WordPress Plugin Cooked Pro versions 1.8.0...

WordPress Cooked Pro Plugin < 1.8.0 is vulnerable to Arbitrary File Upload

Software Cooked Pro Type Plugin Vulnerable versions 1.8.0 Fixed in 1.8.0 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49291 Patch priority High CVSS severity High 10 Developer Claim ownership PSID ca91d1c3c8bf Credits RE-ALTER Required privilege Unauthenticated...

WordPress Cooked Pro Plugin < 1.8.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Cooked Pro Type Plugin Vulnerable versions 1.8.0 Fixed in 1.8.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49290 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c5a09464e377 Credits RE-ALTER Required privileg...

WordPress Cooked Pro Plugin < 1.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Cooked Pro Type Plugin Vulnerable versions 1.8.0 Fixed in 1.8.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49289 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bde6da8a46e5 Credits RE-ALTER Required privilege Contributor...

WordPress Cooked Plugin <= 1.8.0 - Authenticated (Subscriber+) Persistent Cross-Site Scripting via Shortcode vulnerability

Authenticated Subscriber+ Persistent Cross-Site Scripting via Shortcode vulnerability discovered by re-alter in WordPress Plugin Cooked versions = 1.8.0...

WordPress Cooked Plugin <= 1.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Cooked Type Plugin Vulnerable versions = 1.8.0 Fixed in 1.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-41816 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 18a7c8d0faab Credits re-alter Required privilege Subscriber...

WordPress Cooked Plugin <= 1.7.15.4 - Authenticated (Contributor+) HTML Injection via Recipe Excerpt vulnerability

Authenticated Contributor+ HTML Injection via Recipe Excerpt vulnerability discovered by RE-ALTER in WordPress Plugin Cooked versions = 1.7.15.4...

WordPress Cooked Plugin <= 1.7.15.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Cooked Type Plugin Vulnerable versions = 1.7.15.4 Fixed in 1.8.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c2e4cdac6c1e Credits RE-ALTER Required privilege...

WordPress Cooked Plugin <= 1.7.15.4 is vulnerable to Content Injection

Software Cooked Type Plugin Vulnerable versions = 1.7.15.4 Fixed in 1.8.0 OWASP Top 10 A3: Injection Classification Content Injection CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 96527670dc1c Credits RE-ALTER Required privilege Contributor Published 18 July, 202...

CVE-2024-39681 WordPress Cooked Plugin - Cross-Site Request Forgery to Apply Template to All Recipes

Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users...