Lucene search
K
BoxystudioCooked

11 matches found

CVE
CVE
added 2022/12/12 5:57 p.m.63 views

CVE-2022-3900

CVE-2022-3900 affects the Cooked Pro WordPress plugin prior to 1.7.5.7. The flaw is improper validation/sanitization of the recipe_args parameter before unserializing it in the cooked_loadmore action, enabling an unauthenticated attacker to trigger a PHP object injection. Affected: Cooked Pro Wor...

9.8CVSS9.8AI score0.18966EPSS
Web
CVE
CVE
added 2023/10/02 8:55 a.m.61 views

CVE-2023-44477

CVE-2023-44477 affects Boxy Studio Cooked Plugin for WordPress, vulnerable in versions 1.7.13 to mitigate.

6.5CVSS5.5AI score0.00328EPSS
CVE
CVE
added 2024/10/20 10:14 a.m.61 views

CVE-2024-49290

CVE-2024-49290 pertains to a Cross-Site Request Forgery (CSRF) in Cooked Pro (WordPress plugin by Gora Tech LLC) affecting versions prior to 1.8.0. The linked sources note that the vulnerability is addressed in version 1.8.0 and advise upgrading to mitigate exposure. No exploit specifics are prov...

8.8CVSS5.1AI score0.00204EPSS
CVE
CVE
added 2024/06/13 1:46 p.m.59 views

CVE-2024-37308

The Cooked Pro (Cooked – Recipe Management) WordPress plugin is affected by CVE-2024-37308: an authenticated Persistent Cross‑Site Scripting (XSS) vulnerability in _recipe_settings[post_title] up to version 1.7.15.4. The root cause is insufficient input sanitization and output escaping, allowing ...

5.4CVSS5.5AI score0.00426EPSS
CVE
CVE
added 2021/04/22 9:0 p.m.55 views

CVE-2021-24233

CVE-2021-24233 affects the Cooked Pro WordPress plugin prior to 1.7.5.6. The vulnerability is an unauthenticated reflected Cross-Site Scripting (XSS) due to improper sanitisation of user input, which is echoed back in pages as an arbitrary attribute. Impacted behavior could enable an attacker to ...

6.1CVSS6.1AI score0.01749EPSS
Web
CVE
CVE
added 2024/07/17 11:47 p.m.53 views

CVE-2024-39679

Cooked – Recipe Management (WordPress) has a CSRF vulnerability up to version 1.7.15.4 due to missing or improper nonce validation on the AJAX action handler. As described in multiple sources, this could allow an attacker to coerce authenticated users into performing unintended actions. The issue...

8.8CVSS5AI score0.00343EPSS
CVE
CVE
added 2024/07/17 11:43 p.m.52 views

CVE-2024-39678

CVE-2024-39678 affects the Cooked WordPress plugin (Cooked – Recipe Management). The issue is CSRF due to missing/incorrect nonce validation on the AJAX action handler, allowing tricked actions under an authenticated user. Affected versions are up to and including 1.7.15.4; remediation is to upgr...

8.8CVSS5AI score0.00343EPSS
CVE
CVE
added 2024/07/17 11:47 p.m.48 views

CVE-2024-39680

CVE-2024-39680 affects the WordPress plugin Cooked – Recipe Management . Connected sources confirm CSRF in versions up to and including 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler; this could allow an attacker to trick authenticated users into performing unint...

8.8CVSS5.9AI score0.00334EPSS
CVE
CVE
added 2024/07/17 11:47 p.m.47 views

CVE-2024-39681

CVE-2024-39681 affects the WordPress plugin “Cooked – Recipe Management.” The provided documents confirm a CSRF flaw up to and including version 1.7.15.4 caused by missing/incorrect nonce validation on the AJAX action handler, allowing an attacker to coerce authenticated users into unintended act...

8.8CVSS5.9AI score0.00334EPSS
CVE
CVE
added 2024/07/17 11:47 p.m.47 views

CVE-2024-39682

CVE-2024-39682 affects the Cooked – Recipe Management WordPress plugin. It enables HTML Injection due to insufficient input sanitization and output escaping in versions up to and including 1.7.15.4. Exploitation requires authenticated access at contributor level or higher, and injected HTML would...

6.4CVSS6.7AI score0.00361EPSS
CVE
CVE
added 2024/08/05 8:12 p.m.35 views

CVE-2024-41816

CVE-2024-41816 affects the WordPress Cooked plugin. It enables Persistent Cross-Site Scripting via the [cooked-timer] shortcode in Cooked versions up to 1.8.0, with exploitation possible by authenticated users with subscriber-level access and above. The issue stems from insufficient input sanitiz...

5.4CVSS5.2AI score0.00359EPSS