Unrated severityNVD Advisory· Published Dec 12, 2022· Updated Apr 22, 2025
Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection
CVE-2022-3900
Description
The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipe_args parameter before unserializing it in the cooked_loadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Cooked Pro WordPress plugindescription
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/c969c4bc-82d7-46a0-88ba-e056c0b27de7mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.