CVE-2024-41816
CVSS V2 None
CVSS V3 None
Description
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the ‘[cooked-timer]’ shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with subscriber-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses a compromised page. This issue has been addressed in release version 1.8.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Overview
- CVE ID: CVE-2024-41816
- Assigner: GitHub_M
- Vulnerability Status: PUBLISHED
- Published Version: 2024-08-05T20:12:41.428Z
- Last Modified Date: 2024-08-05T20:12:41.428Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/XjSv/Cooked/security/advisories/GHSA-3gw3-2qjq-xqjj | x_refsource_CONFIRM |
https://github.com/XjSv/Cooked/commit/ac7455bdccc99fb2f5b3c7611312947c1623c3ec | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-41816 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41816 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-08-06 13:06:56 | | | | Added to TrackCVE |