Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the ‘[cooked-timer]’ shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with subscriber-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses a compromised page. This issue has been addressed in release version 1.8.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Metrics
Affected Vendors & Products
References
History
Thu, 08 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Goratech
Goratech cooked |
|
CPEs | cpe:2.3:a:goratech:cooked:*:*:*:*:*:*:*:* | |
Vendors & Products |
Goratech
Goratech cooked |
|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-08-05T20:12:41.428Z
Updated: 2024-08-08T13:28:33.622Z
Reserved: 2024-07-22T13:57:37.137Z
Link: CVE-2024-41816
Vulnrichment
Updated: 2024-08-08T13:28:27.909Z
NVD
Status : Awaiting Analysis
Published: 2024-08-05T20:15:35.630
Modified: 2024-08-06T16:30:24.547
Link: CVE-2024-41816
Redhat
No data.