The plugin was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute.
https://cooked.pro/demo/trial/5snjx6louabhdpg/profile/?t8osi"><script>alert(1)<%2Fscript>dr7ag=1
CPE | Name | Operator | Version |
---|---|---|---|
cooked-pro | lt | 1.7.5.6 |