CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-3900

The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipe_args parameter before unserializing it in the cooked_loadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.273

EPSS Ranking 96.2%

CVSS Severity

CVSS v3 Score 9.8

References

https://wpscan.com/vulnerability/c969c4bc-82d7-46a0-88ba-e056c0b27de7
https://wpscan.com/vulnerability/c969c4bc-82d7-46a0-88ba-e056c0b27de7

Products affected by CVE-2022-3900

Boxystudio » Cooked » Version: N/A

cpe:2.3:a:boxystudio:cooked:-
Boxystudio » Cooked » Version: 1.7.5.6

cpe:2.3:a:boxystudio:cooked:1.7.5.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-3900

Products

Pricing

Contact Us