Boxystudio Cooked
11 CVEs affecting Boxystudio Cooked. Latest disclosed: 2024-10-20. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-3900 | Critical | 9.8 | 2022-12-12 | The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipe_args parameter before unserializing it in the cooked_loadmore… |
CVE-2023-44477 | Medium | 6.5 | 2023-10-02 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Boxy Studio Cooked plugin <= 1.7.13 versions. |
CVE-2024-39682 | Medium | 6.4 | 2024-07-18 | Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.7.15.4 due to insu… |
CVE-2021-24233 | Medium | 6.1 | 2021-04-22 | The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user inpu… |
CVE-2024-41816 | Medium | 5.4 | 2024-08-05 | Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the ‘[cooked-timer]’ shortc… |
CVE-2024-39681 | Medium | 5.4 | 2024-07-18 | Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1… |
CVE-2024-39680 | Medium | 5.4 | 2024-07-18 | Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1… |
CVE-2024-37308 | Medium | 5.4 | 2024-06-13 | The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `_recipe_settings[post_title]` parameter in versions… |
CVE-2024-49290 | Medium | 4.3 | 2024-10-20 | Cross-Site Request Forgery (CSRF) vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery.This issue affects Cooked Pro: from n/a before 1… |
CVE-2024-39679 | Medium | 4.3 | 2024-07-18 | Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1… |
CVE-2024-39678 | Medium | 4.3 | 2024-07-18 | Cooked is a recipe plugin for WordPress. The Cooked plugin is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to… |