CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0381 – WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag'
https://notcve.org/view.php?id=CVE-2024-0381
17 Jan 2024 — The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento WP Recipe Maker para WordPress es vulnerable a Cross-Si... • https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-counter.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 0CVE-2024-0382 – WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via header_tag
https://notcve.org/view.php?id=CVE-2024-0382
17 Jan 2024 — The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to unrestricted use of the 'header_tag' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento WP Recipe Maker para WordPress es vulnerable a las Cross-Site Scripting Almacenado a... • https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/class-wprm-shortcode-helper.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 0CVE-2024-0384 – WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Recipe Notes
https://notcve.org/view.php?id=CVE-2024-0384
17 Jan 2024 — The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento WP Recipe Maker para WordPress es vulnerable a Cross-Site Scripting Almacenado a través de n... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3019769%40wp-recipe-maker&new=3019769%40wp-recipe-maker&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4468 – WP Recipe Maker < 8.6.1 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2022-4468
19 Dec 2022 — The WP Recipe Maker WordPress plugin before 8.6.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 8.6.0 due to insufficient input sanitization and output ... • https://wpscan.com/vulnerability/a3bf24af-417e-4ca2-886c-bb36bb2d952b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •