Lucene search
K

144 matches found

Vulnrichment
Vulnrichment
added 2023/10/02 8:55 a.m.16 views

CVE-2023-44477 WordPress Cooked Plugin <= 1.7.13 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Boxy Studio Cooked plugin = 1.7.13 versions...

6.5CVSS5.6AI score0.00328EPSS
Exploits0References1
CVE
CVE
added 2023/10/02 8:55 a.m.62 views

CVE-2023-44477

CVE-2023-44477 affects Boxy Studio Cooked Plugin for WordPress, vulnerable in versions 1.7.13 to mitigate.

6.5CVSS5.5AI score0.00328EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/02 12:0 a.m.15 views

Cooked <= 1.7.13 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.00328EPSS
Exploits0
CNNVD
CNNVD
added 2023/10/02 12:0 a.m.3 views

WordPress Plugin cooked cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.5CVSS6AI score0.00328EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/10/02 12:0 a.m.4 views

PT-2023-29256 · Boxy Studio · Boxy Studio Cooked Plugin

Name of the Vulnerable Software and Affected Versions: Boxy Studio Cooked plugin versions = 1.7.13 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability can be exploited by contributors or users with higher privileges. There is no information...

6.5CVSS5.5AI score0.00328EPSS
Exploits0References4
Patchstack
Patchstack
added 2023/09/29 12:0 a.m.13 views

WordPress Cooked Plugin <= 1.7.14 is vulnerable to Cross Site Scripting (XSS)

Software Cooked Type Plugin Vulnerable versions = 1.7.14 Fixed in 1.7.15.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-44477 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ff0ba7b02ac2 Credits thiennv Required privilege Contributor...

6.5CVSS6.5AI score0.00328EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/12/12 6:15 p.m.22 views

CVE-2022-3900

The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipeargs parameter before unserializing it in the cookedloadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability...

9.8CVSS0.18966EPSS
Exploits2References1
OSV
OSV
added 2022/12/12 6:15 p.m.3 views

CVE-2022-3900

The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipeargs parameter before unserializing it in the cookedloadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability...

9.8CVSS5.8AI score0.18966EPSS
Exploits2References1
Prion
Prion
added 2022/12/12 6:15 p.m.21 views

Design/Logic Flaw

The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipeargs parameter before unserializing it in the cookedloadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability...

7.5CVSS9.6AI score0.18966EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/12/12 5:57 p.m.66 views

CVE-2022-3900

CVE-2022-3900 affects the Cooked Pro WordPress plugin prior to 1.7.5.7. The flaw is improper validation/sanitization of the recipe_args parameter before unserializing it in the cooked_loadmore action, enabling an unauthenticated attacker to trigger a PHP object injection. Affected: Cooked Pro Wor...

9.8CVSS9.8AI score0.18966EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/12 5:57 p.m.7 views

CVE-2022-3900 Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection

The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipeargs parameter before unserializing it in the cookedloadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability...

9.9AI score0.18966EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2022/12/12 12:0 a.m.6 views

PT-2022-24656 · WordPress · Cooked Pro Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Cooked Pro WordPress plugin versions prior to 1.7.5.7 Description: The issue arises from improper validation and sanitization of the recipe args parameter before unserializing it in the "cooked loadmore" action. This allows an unauthenticated...

9.8CVSS7.6AI score0.18966EPSS
Exploits2References5
CNNVD
CNNVD
added 2022/12/12 12:0 a.m.5 views

WordPress plugin Cooked Pro 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

9.8CVSS8.4AI score0.18966EPSS
Exploits2References2
wpexploit
wpexploit
added 2022/11/21 12:0 a.m.192 views

Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection

The plugin does not properly validate or sanitize the recipeargs parameter before unserializing it in the cookedloadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability. POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Type:...

9.8CVSS2.8AI score0.18966EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2021/07/01 12:0 a.m.14 views

Cooked < 1.7.9.1- Unauthenticated Reflected Cross-Site Scripting (XSS)

The plugin was vulnerable to Unauthenticated Reflected Cross-Site Scripting XSS. For clarification, this vulnerability is separate to the similar vulnerability CVE-2021-24233. PoC The PoC will be displayed once the issue has been remediated...

2.1AI score0.01749EPSS
Exploits3References2Affected Software1
CNVD
CNVD
added 2021/04/28 12:0 a.m.10 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2021-44304)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in Cooked Pro WordPress plugin versions prior to 1.7.5.6...

6.1CVSS5.9AI score0.01749EPSS
Exploits3References1
OSV
OSV
added 2021/04/22 9:15 p.m.7 views

CVE-2021-24233

The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute...

6.1CVSS6.5AI score0.01749EPSS
Exploits3References3
Prion
Prion
added 2021/04/22 9:15 p.m.17 views

Cross site scripting

The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute...

4.3CVSS6.1AI score0.01749EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2021/04/22 9:0 p.m.57 views

CVE-2021-24233

CVE-2021-24233 affects the Cooked Pro WordPress plugin prior to 1.7.5.6. The vulnerability is an unauthenticated reflected Cross-Site Scripting (XSS) due to improper sanitisation of user input, which is echoed back in pages as an arbitrary attribute. Impacted behavior could enable an attacker to ...

6.1CVSS6.1AI score0.01749EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2021/04/22 9:0 p.m.16 views

CVE-2021-24233 Cooked Pro < 1.7.5.6 - Unauthenticated Reflected Cross Site Scripting (XSS)

The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute...

6.3AI score0.01749EPSS
Exploits3References3
Rows per page
Query Builder