ByteOS Network

goratech

Source -

ADP

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

1Vulnerabilities found

CVE-2024-41816

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-5.4||MEDIUM

EPSS-0.50% / 64.88%

7 Day CHG~0.00%

Published-05 Aug, 2024 | 20:12

Updated-07 Feb, 2025 | 16:36

WordPress Cooked Plugin Persistent Cross-Site Scripting via Shortcode

Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the ‘[cooked-timer]’ shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with subscriber-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses a compromised page. This issue has been addressed in release version 1.8.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Vendor-boxystudio XjSv goratech

Product-cooked Cooked cooked

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')