Bootstrapped

Wp Recipe Maker

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-9650

  • EPSS 0.5%
  • Veröffentlicht 24.10.2024 11:15:14
  • Zuletzt bearbeitet 24.02.2025 20:57:41

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip’ parameter in all versions up to, and including, 9.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authe...

5.4

CVE-2024-0383

  • EPSS 1.95%
  • Veröffentlicht 19.06.2024 09:15:10
  • Zuletzt bearbeitet 27.02.2025 15:15:08

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [wprm-recipe-instructions] and [wprm-recipe-ingredients] shortcodes in all versions up to, and including, 9.1.0 due to insufficient restrictions on...

5.4

CVE-2024-3490

  • EPSS 0.17%
  • Veröffentlicht 02.05.2024 07:15:22
  • Zuletzt bearbeitet 27.02.2025 16:24:20

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wprm-recipe-roundup-item shortcode in all versions up to, and including, 9.3.1 due to insufficient input sanitization and output escaping on user s...

4.8

CVE-2024-1571

  • EPSS 0.38%
  • Veröffentlicht 09.04.2024 19:15:18
  • Zuletzt bearbeitet 27.02.2025 14:53:37

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for aut...

8.8

CVE-2024-1206

  • EPSS 0.65%
  • Veröffentlicht 29.02.2024 01:43:43
  • Zuletzt bearbeitet 26.02.2025 15:14:42

The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the 'recipes' parameter in all versions up to, and including, 9.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exis...

4.3

CVE-2024-0380

  • EPSS 5.08%
  • Veröffentlicht 05.02.2024 22:16:01
  • Zuletzt bearbeitet 21.11.2024 08:46:27

The WP Recipe Maker plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access a...

5.4

CVE-2024-0382

  • EPSS 1.67%
  • Veröffentlicht 05.02.2024 22:16:01
  • Zuletzt bearbeitet 21.11.2024 08:46:27

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to unrestricted use of the 'header_tag' attribute. This makes it possible for authenti...

5.4

CVE-2024-0384

  • EPSS 1.67%
  • Veröffentlicht 05.02.2024 22:16:01
  • Zuletzt bearbeitet 21.11.2024 08:46:28

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at...

5.4

CVE-2024-0255

  • EPSS 0.17%
  • Veröffentlicht 05.02.2024 22:15:59
  • Zuletzt bearbeitet 21.11.2024 08:46:09

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprm-recipe-text-share' shortcode in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user s...

5.4

CVE-2024-0381

  • EPSS 0.98%
  • Veröffentlicht 18.01.2024 08:15:40
  • Zuletzt bearbeitet 02.06.2025 15:15:26

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This m...