Vulnerability Description
The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Boxystudio | Cooked | < 1.7.5.6 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/ed620de5-1ad2-4480-b08b-719480472bc0 (Exploit, Third Party Advisory)
- https://www.getastra.com/blog/911/reflected-xss-found-in-cooked-pro-recipe-plugi (Third Party Advisory)
- https://www.jinsonvarghese.com/reflected-xss-vulnerability-found-in-cooked-pro-p (Third Party Advisory)
FAQ
What is CVE-2021-24233?
CVE-2021-24233 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an ...
How severe is CVE-2021-24233?
CVE-2021-24233 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24233?
Check the references section above for vendor advisories and patch information. Affected products include: Boxystudio Cooked.