Every CVE whose affected-product data names Boxystudio Cooked, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2022-3900 — CVSS 9.8 (critical): The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipe_args parameter before unserializing it in…
CVE-2023-44477 — CVSS 6.5 (medium): Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Boxy Studio Cooked plugin <= 1.7.13 versions.
CVE-2024-39682 — CVSS 6.4 (medium): Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to HTML Injection in versions up to, and including…
CVE-2021-24233 — CVSS 6.1 (medium): The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper…
CVE-2024-37308 — CVSS 5.4 (medium): The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `_recipe_settings[post_title]`…
CVE-2024-41816 — CVSS 5.4 (medium): Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the…
CVE-2024-39680 — CVSS 5.4 (medium): Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up…
CVE-2024-39681 — CVSS 5.4 (medium): Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up…
CVE-2024-49290 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery.This issue affects Cooked…
CVE-2024-39678 — CVSS 4.3 (medium): Cooked is a recipe plugin for WordPress. The Cooked plugin is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and…
CVE-2024-39679 — CVSS 4.3 (medium): Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up…