CVE-2023-6970

MEDIUM NUCLEI

Bootstrapped WP Recipe Maker < 9.1.0 - XSS

Title source: rule

Description

The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Nuclei Templates (1)

WP Recipe Maker <= 9.1.0 - Reflected XSS via Referer Header

MEDIUMVERIFIEDby Shivam Kamboj

References (2)

[Patch] https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/templates/public/print.php

[Third Party Advisory] https://www.wordfence.com/threat-intel/vulnerabilities/id/20842e95-4b91-4138-9e32-7c090724bf64?source=cve

Scores

CVSS v3 6.1

EPSS 0.1635

EPSS Percentile 94.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

bootstrapped/wp_recipe_maker < 9.1.0

brechtvds/WP Recipe Maker < 9.1.0

Published Jan 18, 2024

Tracked Since Feb 18, 2026