Cooked
CVE-2024-39682
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary HTML in pages that will be shown whenever a user accesses a compromised page. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
AnalysisAI
Cooked is a recipe plugin for WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-116. Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary HTML in pages that will be shown whenever a user accesses a compromised page. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. Affected products include: Boxystudio Cooked. Version information: version 1.8.0..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipe_args parameter before u
Cooked is a recipe plugin for WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no
Cooked is a recipe plugin for WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no
Cooked is a recipe plugin for WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no
Cooked is a recipe plugin for WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no
The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, du
Cooked is a recipe plugin for WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, l
The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `_recipe_setti
Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor pat
Same weakness CWE-116 – Improper Encoding or Escaping of Output
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today