Boxystudio

Cooked

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2025-62989

  • EPSS 0.04%
  • Veröffentlicht 31.12.2025 17:19:24
  • Zuletzt bearbeitet 20.01.2026 15:18:19

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boxy Studio Cooked allows Stored XSS.This issue affects Cooked: from n/a through 1.11.2.

8.8

CVE-2024-49290

  • EPSS 0.4%
  • Veröffentlicht 20.10.2024 11:15:03
  • Zuletzt bearbeitet 22.10.2024 18:35:55

Cross-Site Request Forgery (CSRF) vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery.This issue affects Cooked Pro: from n/a before 1.8.0.

10

CVE-2024-49291

  • EPSS 0.61%
  • Veröffentlicht 17.10.2024 18:15:13
  • Zuletzt bearbeitet 18.10.2024 12:52:33

Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0.

5.4

CVE-2024-41816

Exploit
  • EPSS 2.5%
  • Veröffentlicht 05.08.2024 20:15:35
  • Zuletzt bearbeitet 07.02.2025 16:36:14

Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the ‘[cooked-timer]’ shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and outp...

5.4

CVE-2024-39682

Exploit
  • EPSS 1.47%
  • Veröffentlicht 18.07.2024 01:15:15
  • Zuletzt bearbeitet 10.02.2025 15:37:05

Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated at...

8.8

CVE-2024-39678

Exploit
  • EPSS 0.46%
  • Veröffentlicht 18.07.2024 01:15:14
  • Zuletzt bearbeitet 10.02.2025 15:53:36

Cooked is a recipe plugin for WordPress. The Cooked plugin is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could...

8.8

CVE-2024-39679

Exploit
  • EPSS 0.46%
  • Veröffentlicht 18.07.2024 01:15:14
  • Zuletzt bearbeitet 10.02.2025 15:51:58

Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulne...

8.8

CVE-2024-39680

Exploit
  • EPSS 0.32%
  • Veröffentlicht 18.07.2024 01:15:14
  • Zuletzt bearbeitet 10.02.2025 15:46:20

Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulne...

8.8

CVE-2024-39681

Exploit
  • EPSS 0.32%
  • Veröffentlicht 18.07.2024 01:15:14
  • Zuletzt bearbeitet 10.02.2025 15:44:04

Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulne...

5.4

CVE-2024-37308

Exploit
  • EPSS 4.62%
  • Veröffentlicht 13.06.2024 14:15:12
  • Zuletzt bearbeitet 11.02.2025 20:16:37

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `_recipe_settings[post_title]` parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. ...