144 matches found
CVE-2023-44477 WordPress Cooked Plugin <= 1.7.13 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Boxy Studio Cooked plugin = 1.7.13 versions...
CVE-2023-44477
CVE-2023-44477 affects Boxy Studio Cooked Plugin for WordPress, vulnerable in versions 1.7.13 to mitigate.
Cooked <= 1.7.13 - Contributor+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress Plugin cooked cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2023-29256 · Boxy Studio · Boxy Studio Cooked Plugin
Name of the Vulnerable Software and Affected Versions: Boxy Studio Cooked plugin versions = 1.7.13 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability can be exploited by contributors or users with higher privileges. There is no information...
WordPress Cooked Plugin <= 1.7.14 is vulnerable to Cross Site Scripting (XSS)
Software Cooked Type Plugin Vulnerable versions = 1.7.14 Fixed in 1.7.15.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-44477 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ff0ba7b02ac2 Credits thiennv Required privilege Contributor...
CVE-2022-3900
The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipeargs parameter before unserializing it in the cookedloadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability...
CVE-2022-3900
The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipeargs parameter before unserializing it in the cookedloadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability...
Design/Logic Flaw
The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipeargs parameter before unserializing it in the cookedloadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability...
CVE-2022-3900
CVE-2022-3900 affects the Cooked Pro WordPress plugin prior to 1.7.5.7. The flaw is improper validation/sanitization of the recipe_args parameter before unserializing it in the cooked_loadmore action, enabling an unauthenticated attacker to trigger a PHP object injection. Affected: Cooked Pro Wor...
CVE-2022-3900 Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection
The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipeargs parameter before unserializing it in the cookedloadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability...
PT-2022-24656 · WordPress · Cooked Pro Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Cooked Pro WordPress plugin versions prior to 1.7.5.7 Description: The issue arises from improper validation and sanitization of the recipe args parameter before unserializing it in the "cooked loadmore" action. This allows an unauthenticated...
WordPress plugin Cooked Pro 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection
The plugin does not properly validate or sanitize the recipeargs parameter before unserializing it in the cookedloadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability. POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Type:...
Cooked < 1.7.9.1- Unauthenticated Reflected Cross-Site Scripting (XSS)
The plugin was vulnerable to Unauthenticated Reflected Cross-Site Scripting XSS. For clarification, this vulnerability is separate to the similar vulnerability CVE-2021-24233. PoC The PoC will be displayed once the issue has been remediated...
WordPress Cross-Site Scripting Vulnerability (CNVD-2021-44304)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in Cooked Pro WordPress plugin versions prior to 1.7.5.6...
CVE-2021-24233
The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute...
Cross site scripting
The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute...
CVE-2021-24233
CVE-2021-24233 affects the Cooked Pro WordPress plugin prior to 1.7.5.6. The vulnerability is an unauthenticated reflected Cross-Site Scripting (XSS) due to improper sanitisation of user input, which is echoed back in pages as an arbitrary attribute. Impacted behavior could enable an attacker to ...
CVE-2021-24233 Cooked Pro < 1.7.5.6 - Unauthenticated Reflected Cross Site Scripting (XSS)
The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute...