cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9650,https://securityvulnerability.io/vulnerability/CVE-2024-9650,Recipe Maker Plugin Vulnerable to Cross-Site Scripting,"The WP Recipe Maker plugin for WordPress exhibits a vulnerability related to Stored Cross-Site Scripting through the 'tooltip' parameter. This flaw exists in all versions up to and including 9.6.1 and arises from inadequate input sanitization and output escaping measures. Authenticated attackers, particularly those with Contributor-level access or higher, can exploit this vulnerability to inject arbitrary web scripts into the page. When users visit an affected page, these scripts execute, potentially leading to unauthorized actions and data access within the web application.",Wordpress,WP Recipe Maker,6.5,MEDIUM,0.0005799999926239252,false,,false,false,false,,false,false,2024-10-24T11:03:15.623Z,0
CVE-2024-0383,https://securityvulnerability.io/vulnerability/CVE-2024-0383,Stored Cross-Site Scripting Vulnerability in WP Recipe Maker Plugin,"The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [wprm-recipe-instructions] and [wprm-recipe-ingredients] shortcodes in all versions up to, and including, 9.1.0 due to insufficient restrictions on the 'group_tag' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,WP Recipe Maker,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-19T08:33:56.641Z,0
CVE-2024-3490,https://securityvulnerability.io/vulnerability/CVE-2024-3490,Stored Cross-Site Scripting Vulnerability in WP Recipe Maker Plugin,"The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wprm-recipe-roundup-item shortcode in all versions up to, and including, 9.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,WP Recipe Maker,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T06:51:32.797Z,0
CVE-2024-1571,https://securityvulnerability.io/vulnerability/CVE-2024-1571,Stored Cross-Site Scripting Vulnerability in WP Recipe Maker Plugin for WordPress,"The WP Recipe Maker plugin for WordPress is exposed to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping techniques. This flaw affects all versions up to and including 9.2.1. Authenticated users with access to the recipe dashboard can exploit this vulnerability to inject malicious web scripts. When other users visit a page that has been compromised, these scripts are executed, potentially compromising their session and information.",Wordpress,WP Recipe Maker,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-09T18:58:54.062Z,0
CVE-2024-1206,https://securityvulnerability.io/vulnerability/CVE-2024-1206,SQL Injection Vulnerability in WP Recipe Maker Plugin,"The WP Recipe Maker plugin for WordPress is affected by a SQL Injection vulnerability that occurs when the 'recipes' parameter is processed. The vulnerability is due to inadequate escaping of user-supplied input and insufficient preparation of the SQL query structure. As a result, authenticated attackers with subscriber-level access or higher can inject additional SQL commands into existing queries. This exploitation potentially enables malicious users to extract sensitive data from the underlying database, posing serious risks to user privacy and website integrity.",Wordpress,WP Recipe Maker,8.8,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-0384,https://securityvulnerability.io/vulnerability/CVE-2024-0384,Stored Cross-Site Scripting Vulnerability in Recipe Maker Plugin,"The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,WP Recipe Maker,6.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-02-05T21:21:49.490Z,0
CVE-2024-0255,https://securityvulnerability.io/vulnerability/CVE-2024-0255,Stored Cross-Site Scripting Vulnerability in WP Recipe Maker Plugin,"The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprm-recipe-text-share' shortcode in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,WP Recipe Maker,6.4,MEDIUM,0.0005600000149570405,false,,false,false,false,,false,false,2024-02-05T21:21:44.818Z,0
CVE-2024-0380,https://securityvulnerability.io/vulnerability/CVE-2024-0380,Directory Traversal in WP Recipe Maker Plugin for WordPress,"The WP Recipe Maker plugin for WordPress exposes a directory traversal vulnerability that allows authenticated attackers with contributor-level access and above to exploit the 'icon' attribute in Shortcodes. By leveraging this vulnerability, attackers can include the contents of SVG files residing on the server, which may lead to Cross-Site Scripting (XSS) attacks, potentially compromising user data and site integrity.",Wordpress,WP Recipe Maker,4.3,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2024-02-05T21:21:42.972Z,0
CVE-2024-0382,https://securityvulnerability.io/vulnerability/CVE-2024-0382,Stored Cross-Site Scripting Vulnerability in WP Recipe Maker Plugin by WordPress,"The WP Recipe Maker plugin for WordPress has a vulnerability that allows authenticated users with contributor-level permissions and above to exploit stored cross-site scripting (XSS). This occurs through the plugin's shortcode(s) due to the unrestricted use of the 'header_tag' attribute. Attackers can inject arbitrary web scripts into the pages, which are executed whenever a user visits the altered page, potentially compromising user data and site integrity.",Wordpress,WP Recipe Maker,5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-02-05T21:21:36.490Z,0
CVE-2023-6958,https://securityvulnerability.io/vulnerability/CVE-2023-6958,Stored Cross-Site Scripting Vulnerability in WP Recipe Maker Plugin,"The WP Recipe Maker plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping of user-supplied attributes in its shortcode(s). This vulnerability affects all versions up to and including 9.1.0, allowing authenticated attackers with contributor-level permissions or higher to inject malicious web scripts into pages. These scripts will execute for unsuspecting users accessing the altered pages, potentially compromising their security and privacy.",Wordpress,WP Recipe Maker,6.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-01-18T07:30:25.980Z,0
CVE-2024-0381,https://securityvulnerability.io/vulnerability/CVE-2024-0381,Stored Cross-Site Scripting Vulnerability in WP Recipe Maker Plugin for WordPress,"The WP Recipe Maker plugin for WordPress is compromised by a Stored Cross-Site Scripting vulnerability that affects all versions up to and including 9.1.0. This vulnerability allows authenticated attackers with contributor-level permissions or higher to exploit the 'tag' attribute within the shortcodes for recipe name, date, and counter. By leveraging this flaw, attackers can inject arbitrary web scripts that execute when users access compromised pages, potentially leading to unauthorized actions or data theft.",Wordpress,WP Recipe Maker,6.4,MEDIUM,0.0006699999794363976,false,,false,false,false,,false,false,2024-01-18T07:30:25.510Z,0
CVE-2023-6970,https://securityvulnerability.io/vulnerability/CVE-2023-6970,Reflected Cross-Site Scripting in WP Recipe Maker Plugin for WordPress,"The WP Recipe Maker plugin for WordPress is susceptible to a Reflected Cross-Site Scripting vulnerability due to inadequate sanitization of the 'Referer' header. This issue exists in all releases up to version 9.1.0, allowing unauthenticated attackers to insert malicious web scripts into web pages. If users are tricked into clicking a deceptive link, these scripts can execute within their browsers, posing significant security risks.",Wordpress,WP Recipe Maker,6.1,MEDIUM,0.0005499999970197678,false,,false,false,false,,false,false,2024-01-18T07:30:24.934Z,0
CVE-2022-4468,https://securityvulnerability.io/vulnerability/CVE-2022-4468,WP Recipe Maker < 8.6.1 - Contributor+ Stored XSS,"The WP Recipe Maker WordPress plugin before 8.6.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.",Wordpress,WP Recipe Maker,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-01-09T22:13:32.184Z,0