VYPR

Wp Recipe Maker

by WordPress

Source repositories

CVEs (19)

  • CVE-2024-1206HigFeb 29, 2024
    risk 0.50cvss 8.8epss 0.01

    The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the 'recipes' parameter in all versions up to, and including, 9.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes…

  • CVE-2024-0384MedFeb 5, 2024
    risk 0.42cvss 6.4epss 0.01

    The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with…

  • CVE-2025-14385MedDec 17, 2025
    risk 0.35cvss 6.4epss 0.00

    The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 10.2.3 due to insufficient input sanitization and output escaping on user-supplied attributes in the wprm-recipe-roundup-item…

  • CVE-2025-1503MedMar 13, 2025
    risk 0.35cvss 6.4epss 0.00

    The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Roundup Recipe Name field in all versions up to, and including, 9.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…

  • CVE-2024-0383MedJun 19, 2024
    risk 0.35cvss 6.4epss 0.00

    The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [wprm-recipe-instructions] and [wprm-recipe-ingredients] shortcodes in all versions up to, and including, 9.1.0 due to insufficient restrictions on the 'group_tag' attribute .…

  • CVE-2024-3490MedMay 2, 2024
    risk 0.35cvss 6.4epss 0.00

    The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wprm-recipe-roundup-item shortcode in all versions up to, and including, 9.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This…

  • CVE-2024-0382MedFeb 5, 2024
    risk 0.35cvss 6.4epss 0.01

    The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to unrestricted use of the 'header_tag' attribute. This makes it possible for authenticated attackers with…

  • CVE-2024-0255MedFeb 5, 2024
    risk 0.35cvss 6.4epss 0.01

    The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprm-recipe-text-share' shortcode in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This…

  • CVE-2024-0381MedJan 18, 2024
    risk 0.35cvss 6.4epss 0.01

    The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes it possible for…

  • CVE-2023-6958MedJan 18, 2024
    risk 0.35cvss 6.4epss 0.00

    The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…

  • CVE-2026-1558MedFeb 27, 2026
    risk 0.34cvss 5.3epss 0.00

    The WP Recipe Maker plugin for WordPress is vulnerable to an Insecure Direct Object Reference (IDOR) in versions up to, and including, 10.3.2. This is due to the /wp-json/wp-recipe-maker/v1/integrations/instacart REST API endpoint's permission_callback being set to __return_true…

  • CVE-2025-62897MedOct 27, 2025
    risk 0.34cvss 5.3epss 0.00

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Code Injection.This issue affects WP Recipe Maker: from n/a through < 10.1.0.

  • CVE-2023-6970MedJan 18, 2024
    risk 0.34cvss 6.1epss 0.01

    The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…

  • CVE-2024-0380MedFeb 5, 2024
    risk 0.29cvss 5.4epss 0.01

    The WP Recipe Maker plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the…

  • CVE-2026-24357MedJan 22, 2026
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Recipe Maker: from n/a through <= 10.2.4.

  • CVE-2024-1571MedApr 9, 2024
    risk 0.22cvss 4.4epss 0.00

    The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2025-14742MedFeb 25, 2026
    risk 0.21cvss 4.3epss 0.00

    The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_search_recipes' and 'ajax_get_recipe' functions in all versions up to, and including, 10.2.3. This makes it possible for authenticated attackers,…

  • CVE-2025-15527MedJan 16, 2026
    risk 0.21cvss 4.3epss 0.00

    The WP Recipe Maker plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 10.2.2 via the api_get_post_summary function due to insufficient restrictions on which posts can be retrieved. This makes it possible for authenticated attackers,…

  • CVE-2022-4468Jan 9, 2023
    risk 0.00cvss epss 0.01

    The WP Recipe Maker WordPress plugin before 8.6.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used…