11 matches found
CVE-2022-3900
CVE-2022-3900 affects the Cooked Pro WordPress plugin prior to 1.7.5.7. The flaw is improper validation/sanitization of the recipe_args parameter before unserializing it in the cooked_loadmore action, enabling an unauthenticated attacker to trigger a PHP object injection. Affected: Cooked Pro Wor...
CVE-2023-44477
CVE-2023-44477 affects Boxy Studio Cooked Plugin for WordPress, vulnerable in versions 1.7.13 to mitigate.
CVE-2024-49290
CVE-2024-49290 pertains to a Cross-Site Request Forgery (CSRF) in Cooked Pro (WordPress plugin by Gora Tech LLC) affecting versions prior to 1.8.0. The linked sources note that the vulnerability is addressed in version 1.8.0 and advise upgrading to mitigate exposure. No exploit specifics are prov...
CVE-2024-37308
The Cooked Pro (Cooked – Recipe Management) WordPress plugin is affected by CVE-2024-37308: an authenticated Persistent Cross‑Site Scripting (XSS) vulnerability in _recipe_settings[post_title] up to version 1.7.15.4. The root cause is insufficient input sanitization and output escaping, allowing ...
CVE-2021-24233
CVE-2021-24233 affects the Cooked Pro WordPress plugin prior to 1.7.5.6. The vulnerability is an unauthenticated reflected Cross-Site Scripting (XSS) due to improper sanitisation of user input, which is echoed back in pages as an arbitrary attribute. Impacted behavior could enable an attacker to ...
CVE-2024-39679
Cooked – Recipe Management (WordPress) has a CSRF vulnerability up to version 1.7.15.4 due to missing or improper nonce validation on the AJAX action handler. As described in multiple sources, this could allow an attacker to coerce authenticated users into performing unintended actions. The issue...
CVE-2024-39678
CVE-2024-39678 affects the Cooked WordPress plugin (Cooked – Recipe Management). The issue is CSRF due to missing/incorrect nonce validation on the AJAX action handler, allowing tricked actions under an authenticated user. Affected versions are up to and including 1.7.15.4; remediation is to upgr...
CVE-2024-39680
CVE-2024-39680 affects the WordPress plugin Cooked – Recipe Management . Connected sources confirm CSRF in versions up to and including 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler; this could allow an attacker to trick authenticated users into performing unint...
CVE-2024-39681
CVE-2024-39681 affects the WordPress plugin “Cooked – Recipe Management.” The provided documents confirm a CSRF flaw up to and including version 1.7.15.4 caused by missing/incorrect nonce validation on the AJAX action handler, allowing an attacker to coerce authenticated users into unintended act...
CVE-2024-39682
CVE-2024-39682 affects the Cooked – Recipe Management WordPress plugin. It enables HTML Injection due to insufficient input sanitization and output escaping in versions up to and including 1.7.15.4. Exploitation requires authenticated access at contributor level or higher, and injected HTML would...
CVE-2024-41816
CVE-2024-41816 affects the WordPress Cooked plugin. It enables Persistent Cross-Site Scripting via the [cooked-timer] shortcode in Cooked versions up to 1.8.0, with exploitation possible by authenticated users with subscriber-level access and above. The issue stems from insufficient input sanitiz...