The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute.
References
| Link | Resource |
|---|---|
| https://wpscan.com/vulnerability/ed620de5-1ad2-4480-b08b-719480472bc0 | Exploit Third Party Advisory |
| https://www.getastra.com/blog/911/reflected-xss-found-in-cooked-pro-recipe-plugin-for-wordpress/ | Third Party Advisory |
| https://www.jinsonvarghese.com/reflected-xss-vulnerability-found-in-cooked-pro-plugin/ | Third Party Advisory |
| https://wpscan.com/vulnerability/ed620de5-1ad2-4480-b08b-719480472bc0 | Exploit Third Party Advisory |
| https://www.getastra.com/blog/911/reflected-xss-found-in-cooked-pro-recipe-plugin-for-wordpress/ | Third Party Advisory |
| https://www.jinsonvarghese.com/reflected-xss-vulnerability-found-in-cooked-pro-plugin/ | Third Party Advisory |
Configurations
History
21 Nov 2024, 05:52
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://wpscan.com/vulnerability/ed620de5-1ad2-4480-b08b-719480472bc0 - Exploit, Third Party Advisory | |
| References | () https://www.getastra.com/blog/911/reflected-xss-found-in-cooked-pro-recipe-plugin-for-wordpress/ - Third Party Advisory | |
| References | () https://www.jinsonvarghese.com/reflected-xss-vulnerability-found-in-cooked-pro-plugin/ - Third Party Advisory |
Information
Published : 2021-04-22 21:15
Updated : 2024-11-21 05:52
NVD link : CVE-2021-24233
Mitre link : CVE-2021-24233
CVE.ORG link : CVE-2021-24233
JSON object : View
Products Affected
boxystudio
- cooked
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')