1. Home
  2. CVE Database
  3. CVE-2024-39682
MEDIUM · 6.4

CVE-2024-39682

Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output es...

Vulnerability Description

Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary HTML in pages that will be shown whenever a user accesses a compromised page. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
BoxystudioCooked< 1.8.0

Related Weaknesses (CWE)

CWE-116CWE-79

References

FAQ

What is CVE-2024-39682?

CVE-2024-39682 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output es...

How severe is CVE-2024-39682?

CVE-2024-39682 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-39682?

Check the references section above for vendor advisories and patch information. Affected products include: Boxystudio Cooked.