Skip to main content

Strategy11 Team Tasty Recipes Lite CVE-2025-62131

MEDIUM
Missing Authorization (CWE-862)
2025-12-31 audit@patchstack.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
CVSS changed
Apr 23, 2026 - 15:43 NVD
4.3 (MEDIUM)
Analysis Generated
Apr 01, 2026 - 17:44 vuln.today
CVE Published
Dec 31, 2025 - 16:15 nvd
N/A

DescriptionCVE.org

Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite tasty-recipes-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tasty Recipes Lite: from n/a through <= 1.1.5.

AnalysisAI

Broken access control in Strategy11 Team Tasty Recipes Lite WordPress plugin through version 1.1.5 allows unauthenticated attackers to exploit incorrectly configured security levels to access or modify protected functionality. The vulnerability stems from missing authorization checks that fail to properly validate user permissions before exposing sensitive operations. EPSS exploitation probability is low at 0.04%, and no public exploit code or confirmed active exploitation has been identified.

Technical ContextAI

This vulnerability is classified as CWE-862 (Missing Authorization), a root cause failure in access control implementation where the application does not verify that an actor has the required permissions before allowing an operation. The affected product is the Tasty Recipes Lite WordPress plugin (CPE would be wp:plugin:tasty-recipes-lite), which extends WordPress recipe management functionality. The vulnerability indicates that the plugin's authorization logic-likely implemented via WordPress nonces, capability checks, or custom permission validation-fails to enforce access restrictions on certain endpoints or AJAX actions, allowing unauthorized users to interact with protected resources despite the plugin's intended access control design.

Affected ProductsAI

Strategy11 Team Tasty Recipes Lite WordPress plugin versions up to and including 1.1.5 are affected. The vulnerability applies to all installations running version 1.1.5 or earlier. According to Patchstack, the affected range is stated as "from n/a through <= 1.1.5", indicating the vulnerability is present in all tested versions up to 1.1.5.

RemediationAI

Update the Tasty Recipes Lite plugin to a version greater than 1.1.5 immediately. WordPress administrators should navigate to Plugins > Installed Plugins, locate Tasty Recipes Lite, and apply the available update via the WordPress dashboard. If an update is not yet available, disable the plugin temporarily until a patched version is released. Verify the update by checking the plugin version in the WordPress admin panel. For more details and confirmation of available patched versions, consult the Patchstack vulnerability database entry at https://patchstack.com/database/Wordpress/Plugin/tasty-recipes-lite/vulnerability/wordpress-tasty-recipes-lite-plugin-1-1-5-broken-access-control-vulnerability-2.

Share

CVE-2025-62131 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy