VYPR

Cooked

by WordPress

Source repositories

CVEs (9)

  • CVE-2023-44477MedOct 2, 2023
    risk 0.42cvss 6.5epss 0.00

    Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Boxy Studio Cooked plugin <= 1.7.13 versions.

  • CVE-2025-62989MedDec 31, 2025
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gora Tech Cooked cooked allows Stored XSS.This issue affects Cooked: from n/a through <= 1.11.3.

  • CVE-2024-39682MedJul 18, 2024
    risk 0.35cvss 6.4epss 0.00

    Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with…

  • CVE-2025-68586MedDec 24, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Gora Tech Cooked cooked allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cooked: from n/a through <= 1.11.3.

  • CVE-2024-41816MedAug 5, 2024
    risk 0.28cvss 5.4epss 0.00

    Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the ‘[cooked-timer]’ shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This…

  • CVE-2024-39681MedJul 18, 2024
    risk 0.28cvss 5.4epss 0.00

    Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an…

  • CVE-2024-39680MedJul 18, 2024
    risk 0.28cvss 5.4epss 0.00

    Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an…

  • CVE-2024-39679MedJul 18, 2024
    risk 0.21cvss 4.3epss 0.00

    Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an…

  • CVE-2024-39678MedJul 18, 2024
    risk 0.21cvss 4.3epss 0.00

    Cooked is a recipe plugin for WordPress. The Cooked plugin is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick…

VYPR — Vulnerability Intelligence