Vulnerabilities and security researches fordelicious-recipes delicious-recipes

Jun 06, 2024

CVE, Research URL: 69b9546984aa5697575c7b6215bb7578e9e1b2c0
Home page URL: Security reports for WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Application: WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Date: Feb 28, 2022
Research Description: WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) [delicious-recipes] < 1.5.3 WordPress Delicious Recipes – WordPress Recipe plugin <= 1.3.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Delicious Recipes – WordPress Recipe plugin (versions <= 1.3.4).
Affected versions: max 1.5.3.
Status: vulnerable

Aug 29, 2024

CVE, Research URL: CVE-2024-43935
Home page URL: Security reports for WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Application: WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Date: Aug 29, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Delicious Delicious Recipes – WordPress Recipe Plugin allows Stored XSS.This issue affects Delicious Recipes – WordPress Recipe Plugin: from n/a through 1.6.7.
Affected versions: max 1.6.8.
Status: vulnerable

Sep 12, 2024

CVE, Research URL: CVE-2024-7626
Home page URL: Security reports for WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Application: WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Date: Sep 11, 2024
Research Description: The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in the save_edit_profile_details() function in all versions up to, and including, 1.6.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php). This can also lead to the reading of arbitrary files that may contain sensitive information like wp-config.php.
Affected versions: max 1.7.0.
Status: vulnerable

Nov 15, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Application: WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: max 1.3.5.
Status: vulnerable

Jul 18, 2025

CVE, Research URL: CVE-2025-54023
Home page URL: Security reports for WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Application: WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Date: Jul 16, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious WP Delicious allows DOM-Based XSS. This issue affects WP Delicious: from n/a through 1.8.4.
Affected versions: max 1.8.5.
Status: vulnerable

Sep 05, 2025

CVE, Research URL: CVE-2025-58605
Home page URL: Security reports for WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Application: WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Date: Sep 03, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious WP Delicious allows Stored XSS. This issue affects WP Delicious: from n/a through 1.8.7.
Affected versions: max 1.8.8.
Status: vulnerable

Nov 11, 2025

CVE, Research URL: CVE-2025-11755
Home page URL: Security reports for WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Application: WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Date: Nov 01, 2025
Research Description: The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file uploads when importing recipes via CSV in all versions up to, and including, 1.9.0. This flaw allows an attacker with at least Contributor-level permissions to upload a malicious PHP file by providing a remote URL during a recipe import process, leading to Remote Code Execution (RCE).
Affected versions: max 1.9.1.
Status: vulnerable