Filtered by vendor Boxystudio
Subscriptions
Filtered by product Cooked
Subscriptions
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-3900 | 1 Boxystudio | 1 Cooked | 2023-11-07 | 9.8 Critical |
The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipe_args parameter before unserializing it in the cooked_loadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability. | ||||
CVE-2023-44477 | 1 Boxystudio | 1 Cooked | 2023-10-03 | 5.4 Medium |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Boxy Studio Cooked plugin <= 1.7.13 versions. | ||||
CVE-2021-24233 | 1 Boxystudio | 1 Cooked | 2021-04-29 | 6.1 Medium |
The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute. |
Page 1 of 1.