Lucene search
K
BootstrappedWp Recipe Maker

13 matches found

CVE
CVE
added 2024/02/20 6:56 p.m.83 views

CVE-2024-1206

WP Recipe Maker for WordPress (versions

8.8CVSS8.9AI score0.0074EPSS
CVE
CVE
added 2023/01/09 10:13 p.m.68 views

CVE-2022-4468

CVE-2022-4468 affects the WP Recipe Maker WordPress plugin: versions before 8.6.1 do not validate/escape certain shortcode attributes, enabling Stored XSS from users with as low as Contributor to target higher-privilege users. The vulnerability is triggered by outputting untrusted shortcode data ...

5.4CVSS5.3AI score0.00534EPSS
CVE
CVE
added 2024/04/09 6:58 p.m.65 views

CVE-2024-1571

CVE-2024-1571 : WP Recipe Maker for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to 9.2.1 due to insufficient input sanitization and output escaping. Authenticated users with access to the recipe dashboard (admin by default, but roles can...

4.8CVSS7.7AI score0.00426EPSS
CVE
CVE
added 2024/02/05 9:21 p.m.56 views

CVE-2024-0255

CVE-2024-0255 refers to a Stored Cross-Site Scripting (XSS) vulnerability in the WP Recipe Maker WordPress plugin. The flaw exists in the wprm-recipe-text-share shortcode when handling user-supplied attributes, affecting all versions up to and including 9.1.0. Exploitation requires authenticated ...

6.4CVSS5.2AI score0.00523EPSS
CVE
CVE
added 2024/05/02 6:51 a.m.56 views

CVE-2024-3490

CVE-2024-3490 is a Stored Cross-Site Scripting vulnerability in the WordPress plugin WP Recipe Maker, affecting all versions up to and including 9.3.1. It arises from insufficient input sanitization and output escaping on user-supplied attributes in the wprm-recipe-roundup-item shortcode, allowin...

6.4CVSS5.7AI score0.0032EPSS
CVE
CVE
added 2024/10/24 11:3 a.m.55 views

CVE-2024-9650

CVE-2024-9650 : WP Recipe Maker for WordPress is vulnerable to stored XSS via the tooltip parameter in all versions up to and including 9.6.1. Exploitation requires Contributor-level access or higher. Connected sources confirm the flaw and that patches exist: fixed in 9.7.0. Affected product/vers...

6.5CVSS6AI score0.00374EPSS
CVE
CVE
added 2024/02/05 9:21 p.m.52 views

CVE-2024-0382

WP Recipe Maker for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 9.1.0 due to unrestricted use of the header_tag attribute. The root cause is the header_tag attribute allowing injection of scripts by authenticated users with contributor-level permissions or higher. A f...

6.4CVSS5.2AI score0.00561EPSS
CVE
CVE
added 2024/06/19 8:33 a.m.52 views

CVE-2024-0383

WP Recipe Maker for WordPress (plugin, up to version 9.1.0) is affected by a Stored XSS due to insufficient restrictions on the group_tag attribute in the wprm-recipe-instructions and wprm-recipe-ingredients shortcodes. Exploitation requires authentication at Contributor level or higher; an attac...

6.4CVSS5.9AI score0.00449EPSS
CVE
CVE
added 2024/02/05 9:21 p.m.49 views

CVE-2024-0384

The CVE-2024-0384 vulnerability affects the WP Recipe Maker plugin for WordPress, where Stored Cross-Site Scripting is possible via Recipe Notes in all versions up to 9.1.0 due to insufficient input sanitization and output escaping. Authentication requirement is at contributor level or higher, en...

6.4CVSS5.2AI score0.00561EPSS
CVE
CVE
added 2024/02/05 9:21 p.m.42 views

CVE-2024-0380

The CVE-2024-0380 entry concerns WP Recipe Maker for WordPress, where Directory Traversal was possible in all versions up to 9.1.0 via the icon attribute in Shortcodes. Authenticated attackers with contributor-level access and above could include SVG file contents from the server, enabling Cross-...

5.4CVSS4.6AI score0.0081EPSS
CVE
CVE
added 2024/01/18 7:30 a.m.41 views

CVE-2024-0381

CVE-2024-0381 covers the WP Recipe Maker WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by the use of the HTML-like tag attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes. Affected versions are all up to and including 9....

6.4CVSS5.2AI score0.00578EPSS
CVE
CVE
added 2024/01/18 7:30 a.m.40 views

CVE-2023-6970

CVE-2023-6970 : WP Recipe Maker for WordPress is vulnerable to Reflected XSS via the Referer header in versions up to and including 9.1.0 due to insufficient input sanitization and output escaping. An unauthenticated attacker can cause web-script injection on pages that execute when a user takes ...

6.1CVSS6.2AI score0.00679EPSS
CVE
CVE
added 2024/01/18 7:30 a.m.24 views

CVE-2023-6958

Summary of CVE-2023-6958 (WP Recipe Maker, WordPress) Issue: Stored Cross-Site Scripting via the plugin’s shortcode attributes due to insufficient input sanitization and output escaping. Affected: WP Recipe Maker plugin for WordPress in versions up to and including 9.1.0. Impact: Authenticated at...

6.4CVSS5.2AI score0.00335EPSS