🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

WP Recipe Maker

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > WP Recipe Maker

Information

Software Type	Plugin
Software Slug	wp-recipe-maker (view on wordpress.org)
Software Status	Active
Software Author	brechtvds
Software Website	bootstrapped.ventures
Software Downloads	2,781,871
Software Active Installs	50,000
Software Record Last Updated	May 19, 2024

11 Vulnerabilities

WP Recipe Maker <= 8.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4468

Dec 19, 2022

Researcher: István Márton

WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via header_tag

6.4

CVE-2024-0382

Jan 17, 2024

Researcher: wesley (wcraft)

WP Recipe Maker <= 9.1.0 - Directory Traversal

5.4

CVE-2024-0380

Jan 17, 2024

Researcher: wesley (wcraft)

WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via icon_color

6.4

CVE-2024-0255

Jan 17, 2024

Researcher: wesley (wcraft)

WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag'

6.4

CVE-2024-0381

Jan 17, 2024

Researcher: wesley (wcraft)

WP Recipe Maker <= 9.1.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-6958

Jan 17, 2024

Researcher: wesley (wcraft)

WP Recipe Maker <= 9.1.0 - Reflected Cross-Site Scripting via Referer

6.1

CVE-2023-6970

Jan 17, 2024

Researcher: wesley (wcraft)

WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Recipe Notes

6.4

CVE-2024-0384

Jan 17, 2024

Researcher: wesley (wcraft)

WP Recipe Maker <= 9.1.2 - Missing Authorization to Authenticated (Subscriber+) SQL Injecton

8.8

CVE-2024-1206

Feb 7, 2024

Researcher: Lucio Sá

WP Recipe Maker <= 9.2.1 - Authenticated Stored Cross-Site Scripting via Video Embed

4.4

CVE-2024-1571

Mar 14, 2024

Researcher: Sh

WP Recipe Maker <= 9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode

6.4

CVE-2024-3490

May 1, 2024

Researcher: stealthcopter

Title	Status	CVE ID	CVSS	Researchers	Date
WP Recipe Maker <= 8.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	Patched	CVE-2022-4468	6.4	István Márton	December 19, 2022
WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via header_tag	Patched	CVE-2024-0382	6.4	wesley (wcraft)	January 17, 2024
WP Recipe Maker <= 9.1.0 - Directory Traversal	Patched	CVE-2024-0380	5.4	wesley (wcraft)	January 17, 2024
WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via icon_color	Patched	CVE-2024-0255	6.4	wesley (wcraft)	January 17, 2024
WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag'	Patched	CVE-2024-0381	6.4	wesley (wcraft)	January 17, 2024
WP Recipe Maker <= 9.1.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode	Patched	CVE-2023-6958	6.4	wesley (wcraft)	January 17, 2024
WP Recipe Maker <= 9.1.0 - Reflected Cross-Site Scripting via Referer	Patched	CVE-2023-6970	6.1	wesley (wcraft)	January 17, 2024
WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Recipe Notes	Patched	CVE-2024-0384	6.4	wesley (wcraft)	January 17, 2024
WP Recipe Maker <= 9.1.2 - Missing Authorization to Authenticated (Subscriber+) SQL Injecton	Patched	CVE-2024-1206	8.8	Lucio Sá	February 7, 2024
WP Recipe Maker <= 9.2.1 - Authenticated Stored Cross-Site Scripting via Video Embed	Patched	CVE-2024-1571	4.4	Sh	March 14, 2024
WP Recipe Maker <= 9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode	Patched	CVE-2024-3490	6.4	stealthcopter	May 1, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.