Strategy11 Team Tasty Recipes Lite CVE-2025-62131
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite tasty-recipes-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tasty Recipes Lite: from n/a through <= 1.1.5.
AnalysisAI
Broken access control in Strategy11 Team Tasty Recipes Lite WordPress plugin through version 1.1.5 allows unauthenticated attackers to exploit incorrectly configured security levels to access or modify protected functionality. The vulnerability stems from missing authorization checks that fail to properly validate user permissions before exposing sensitive operations. EPSS exploitation probability is low at 0.04%, and no public exploit code or confirmed active exploitation has been identified.
Technical ContextAI
This vulnerability is classified as CWE-862 (Missing Authorization), a root cause failure in access control implementation where the application does not verify that an actor has the required permissions before allowing an operation. The affected product is the Tasty Recipes Lite WordPress plugin (CPE would be wp:plugin:tasty-recipes-lite), which extends WordPress recipe management functionality. The vulnerability indicates that the plugin's authorization logic-likely implemented via WordPress nonces, capability checks, or custom permission validation-fails to enforce access restrictions on certain endpoints or AJAX actions, allowing unauthorized users to interact with protected resources despite the plugin's intended access control design.
Affected ProductsAI
Strategy11 Team Tasty Recipes Lite WordPress plugin versions up to and including 1.1.5 are affected. The vulnerability applies to all installations running version 1.1.5 or earlier. According to Patchstack, the affected range is stated as "from n/a through <= 1.1.5", indicating the vulnerability is present in all tested versions up to 1.1.5.
RemediationAI
Update the Tasty Recipes Lite plugin to a version greater than 1.1.5 immediately. WordPress administrators should navigate to Plugins > Installed Plugins, locate Tasty Recipes Lite, and apply the available update via the WordPress dashboard. If an update is not yet available, disable the plugin temporarily until a patched version is released. Verify the update by checking the plugin version in the WordPress admin panel. For more details and confirmation of available patched versions, consult the Patchstack vulnerability database entry at https://patchstack.com/database/Wordpress/Plugin/tasty-recipes-lite/vulnerability/wordpress-tasty-recipes-lite-plugin-1-1-5-broken-access-control-vulnerability-2.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today