Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3900 | 1 Boxystudio | 1 Cooked | 2022-12-14 | N/A | 9.8 CRITICAL |
The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipe_args parameter before unserializing it in the cooked_loadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability. | |||||
CVE-2021-24233 | 1 Boxystudio | 1 Cooked | 2021-04-29 | 4.3 MEDIUM | 6.1 MEDIUM |
The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute. |