CVE-2025-62131
Lifecycle Timeline
2Description
Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite tasty-recipes-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tasty Recipes Lite: from n/a through <= 1.1.5.
Analysis
Broken access control in Strategy11 Team Tasty Recipes Lite WordPress plugin through version 1.1.5 allows unauthenticated attackers to exploit incorrectly configured security levels to access or modify protected functionality. The vulnerability stems from missing authorization checks that fail to properly validate user permissions before exposing sensitive operations. EPSS exploitation probability is low at 0.04%, and no public exploit code or confirmed active exploitation has been identified.
Technical Context
This vulnerability is classified as CWE-862 (Missing Authorization), a root cause failure in access control implementation where the application does not verify that an actor has the required permissions before allowing an operation. The affected product is the Tasty Recipes Lite WordPress plugin (CPE would be wp:plugin:tasty-recipes-lite), which extends WordPress recipe management functionality. The vulnerability indicates that the plugin's authorization logic-likely implemented via WordPress nonces, capability checks, or custom permission validation-fails to enforce access restrictions on certain endpoints or AJAX actions, allowing unauthorized users to interact with protected resources despite the plugin's intended access control design.
Affected Products
Strategy11 Team Tasty Recipes Lite WordPress plugin versions up to and including 1.1.5 are affected. The vulnerability applies to all installations running version 1.1.5 or earlier. According to Patchstack, the affected range is stated as "from n/a through <= 1.1.5", indicating the vulnerability is present in all tested versions up to 1.1.5.
Remediation
Update the Tasty Recipes Lite plugin to a version greater than 1.1.5 immediately. WordPress administrators should navigate to Plugins > Installed Plugins, locate Tasty Recipes Lite, and apply the available update via the WordPress dashboard. If an update is not yet available, disable the plugin temporarily until a patched version is released. Verify the update by checking the plugin version in the WordPress admin panel. For more details and confirmation of available patched versions, consult the Patchstack vulnerability database entry at https://patchstack.com/database/Wordpress/Plugin/tasty-recipes-lite/vulnerability/wordpress-tasty-recipes-lite-plugin-1-1-5-broken-access-control-vulnerability-2.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today