5 matches found
CVE-2024-1206
WP Recipe Maker for WordPress (versions
CVE-2022-4468
CVE-2022-4468 affects the WP Recipe Maker WordPress plugin: versions before 8.6.1 do not validate/escape certain shortcode attributes, enabling Stored XSS from users with as low as Contributor to target higher-privilege users. The vulnerability is triggered by outputting untrusted shortcode data ...
CVE-2024-1571
CVE-2024-1571 : WP Recipe Maker for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to 9.2.1 due to insufficient input sanitization and output escaping. Authenticated users with access to the recipe dashboard (admin by default, but roles can...
CVE-2024-3490
CVE-2024-3490 is a Stored Cross-Site Scripting vulnerability in the WordPress plugin WP Recipe Maker, affecting all versions up to and including 9.3.1. It arises from insufficient input sanitization and output escaping on user-supplied attributes in the wprm-recipe-roundup-item shortcode, allowin...
CVE-2024-0383
WP Recipe Maker for WordPress (plugin, up to version 9.1.0) is affected by a Stored XSS due to insufficient restrictions on the group_tag attribute in the wprm-recipe-instructions and wprm-recipe-ingredients shortcodes. Exploitation requires authentication at Contributor level or higher; an attac...