Filtered by vendor Boxystudio
Subscribe
Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-44477 | 1 Boxystudio | 1 Cooked | 2024-11-21 | N/A | 6.5 MEDIUM |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Boxy Studio Cooked plugin <= 1.7.13 versions. | |||||
CVE-2022-3900 | 1 Boxystudio | 1 Cooked | 2024-11-21 | N/A | 9.8 CRITICAL |
The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipe_args parameter before unserializing it in the cooked_loadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability. | |||||
CVE-2022-36399 | 1 Boxystudio | 1 Booked | 2024-11-21 | N/A | 5.3 MEDIUM |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress | Calendars.This issue affects Booked - Appointment Booking for WordPress | Calendars: from n/a before 2.4.4. | |||||
CVE-2021-24233 | 1 Boxystudio | 1 Cooked | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute. | |||||
CVE-2024-49290 | 1 Boxystudio | 1 Cooked | 2024-10-22 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery.This issue affects Cooked Pro: from n/a before 1.8.0. |