Boxystudio: Security Vulnerabilities
The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipe_args parameter before unserializing it in the cooked_loadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability.
CVSS Score
9.8
EPSS Score
0.273
Published
2022-12-12
The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute.
CVSS Score
6.1
EPSS Score
0.055
Published
2021-04-22
Page 2