CVE-2024-0382 WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via header_tag

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 9.1.0 due to unrestricted use of the 'headertag' attribute. This makes it possible for authenticated attackers with contributor-level and above...