13 matches found
CVE-2024-1206
WP Recipe Maker for WordPress (versions
CVE-2022-4468
CVE-2022-4468 affects the WP Recipe Maker WordPress plugin: versions before 8.6.1 do not validate/escape certain shortcode attributes, enabling Stored XSS from users with as low as Contributor to target higher-privilege users. The vulnerability is triggered by outputting untrusted shortcode data ...
CVE-2024-1571
CVE-2024-1571 : WP Recipe Maker for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to 9.2.1 due to insufficient input sanitization and output escaping. Authenticated users with access to the recipe dashboard (admin by default, but roles can...
CVE-2024-0255
CVE-2024-0255 refers to a Stored Cross-Site Scripting (XSS) vulnerability in the WP Recipe Maker WordPress plugin. The flaw exists in the wprm-recipe-text-share shortcode when handling user-supplied attributes, affecting all versions up to and including 9.1.0. Exploitation requires authenticated ...
CVE-2024-3490
CVE-2024-3490 is a Stored Cross-Site Scripting vulnerability in the WordPress plugin WP Recipe Maker, affecting all versions up to and including 9.3.1. It arises from insufficient input sanitization and output escaping on user-supplied attributes in the wprm-recipe-roundup-item shortcode, allowin...
CVE-2024-9650
CVE-2024-9650 : WP Recipe Maker for WordPress is vulnerable to stored XSS via the tooltip parameter in all versions up to and including 9.6.1. Exploitation requires Contributor-level access or higher. Connected sources confirm the flaw and that patches exist: fixed in 9.7.0. Affected product/vers...
CVE-2024-0382
WP Recipe Maker for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 9.1.0 due to unrestricted use of the header_tag attribute. The root cause is the header_tag attribute allowing injection of scripts by authenticated users with contributor-level permissions or higher. A f...
CVE-2024-0383
WP Recipe Maker for WordPress (plugin, up to version 9.1.0) is affected by a Stored XSS due to insufficient restrictions on the group_tag attribute in the wprm-recipe-instructions and wprm-recipe-ingredients shortcodes. Exploitation requires authentication at Contributor level or higher; an attac...
CVE-2024-0384
The CVE-2024-0384 vulnerability affects the WP Recipe Maker plugin for WordPress, where Stored Cross-Site Scripting is possible via Recipe Notes in all versions up to 9.1.0 due to insufficient input sanitization and output escaping. Authentication requirement is at contributor level or higher, en...
CVE-2024-0380
The CVE-2024-0380 entry concerns WP Recipe Maker for WordPress, where Directory Traversal was possible in all versions up to 9.1.0 via the icon attribute in Shortcodes. Authenticated attackers with contributor-level access and above could include SVG file contents from the server, enabling Cross-...
CVE-2024-0381
CVE-2024-0381 covers the WP Recipe Maker WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by the use of the HTML-like tag attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes. Affected versions are all up to and including 9....
CVE-2023-6970
CVE-2023-6970 : WP Recipe Maker for WordPress is vulnerable to Reflected XSS via the Referer header in versions up to and including 9.1.0 due to insufficient input sanitization and output escaping. An unauthenticated attacker can cause web-script injection on pages that execute when a user takes ...
CVE-2023-6958
Summary of CVE-2023-6958 (WP Recipe Maker, WordPress) Issue: Stored Cross-Site Scripting via the plugin’s shortcode attributes due to insufficient input sanitization and output escaping. Affected: WP Recipe Maker plugin for WordPress in versions up to and including 9.1.0. Impact: Authenticated at...