CVE-2025-62989 WordPress Cooked plugin <= 1.11.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Gora Tech Cooked cooked allows Stored XSS.This issue affects Cooked: from n/a through = 1.11.3...

CVE-2025-68586 WordPress Cooked plugin <= 1.11.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Gora Tech Cooked cooked allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cooked: from n/a through = 1.11.3...

CVE-2025-68586

CVE-2025-68586 describes a Missing Authorization vulnerability in the Cooked (WordPress) plugin, affecting Cooked: from n/a through

CVE-2025-68586 WordPress Cooked plugin <= 1.11.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Gora Tech Cooked cooked allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cooked: from n/a through = 1.11.2...

WordPress Cooked plugin <= 1.11.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Cooked versions = 1.11.3...

WordPress Cooked Plugin <= 1.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Cooked Type Plugin Vulnerable versions = 1.8.0 Fixed in 1.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-41816 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 18a7c8d0faab Credits re-alter Required privilege Subscriber...

WordPress Cooked Plugin <= 1.7.15.4 - Authenticated (Contributor+) HTML Injection via Recipe Excerpt vulnerability

Authenticated Contributor+ HTML Injection via Recipe Excerpt vulnerability discovered by RE-ALTER in WordPress Plugin Cooked versions = 1.7.15.4...

WordPress Cooked Plugin <= 1.7.15.4 is vulnerable to Content Injection

Software Cooked Type Plugin Vulnerable versions = 1.7.15.4 Fixed in 1.8.0 OWASP Top 10 A3: Injection Classification Content Injection CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 96527670dc1c Credits RE-ALTER Required privilege Contributor Published 18 July, 202...

WordPress Cooked Plugin <= 1.7.15.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Cooked Type Plugin Vulnerable versions = 1.7.15.4 Fixed in 1.8.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c2e4cdac6c1e Credits RE-ALTER Required privilege...

CVE-2024-39681 WordPress Cooked Plugin - Cross-Site Request Forgery to Apply Template to All Recipes

Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users...