admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-41816.md
0xMarcio 8654f5abb7 Update CVE sources 2024-08-11 18:44
2024-08-11 18:44:53 +00:00

18 lines
1.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

### [CVE-2024-41816](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41816)
![](https://img.shields.io/static/v1?label=Product&message=Cooked&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.8.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
### Description
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the [cooked-timer] shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with subscriber-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses a compromised page. This issue has been addressed in release version 1.8.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.
### POC
#### Reference
- https://github.com/XjSv/Cooked/security/advisories/GHSA-3gw3-2qjq-xqjj
#### Github
- https://github.com/20142995/nuclei-templates
Reference in New Issue View Git Blame Copy Permalink