Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the ‘[cooked-timer]’ shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with subscriber-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses a compromised page. This issue has been addressed in release version 1.8.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.
History

Thu, 08 Aug 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Goratech
Goratech cooked
CPEs cpe:2.3:a:goratech:cooked:*:*:*:*:*:*:*:*
Vendors & Products Goratech
Goratech cooked
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-08-05T20:12:41.428Z

Updated: 2024-08-08T13:28:33.622Z

Reserved: 2024-07-22T13:57:37.137Z

Link: CVE-2024-41816

cve-icon Vulnrichment

Updated: 2024-08-08T13:28:27.909Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-08-05T20:15:35.630

Modified: 2024-08-06T16:30:24.547

Link: CVE-2024-41816

cve-icon Redhat

No data.