Vulnerability Details CVE-2021-24233
The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.055
EPSS Ranking 89.8%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://wpscan.com/vulnerability/ed620de5-1ad2-4480-b08b-719480472bc0
- https://www.getastra.com/blog/911/reflected-xss-found-in-cooked-pro-recipe-plugin-for-wordpress/
- https://www.jinsonvarghese.com/reflected-xss-vulnerability-found-in-cooked-pro-plugin/
- https://wpscan.com/vulnerability/ed620de5-1ad2-4480-b08b-719480472bc0
- https://www.getastra.com/blog/911/reflected-xss-found-in-cooked-pro-recipe-plugin-for-wordpress/
- https://www.jinsonvarghese.com/reflected-xss-vulnerability-found-in-cooked-pro-plugin/
Products affected by CVE-2021-24233
-
cpe:2.3:a:boxystudio:cooked:-