Vulnerabilities and security researches fordelicious-recipes delicious-recipes

Jun 06, 2024

CVE, Research URL: 69b9546984aa5697575c7b6215bb7578e9e1b2c0
Home page URL: Security reports for WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Application: WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Date: Feb 28, 2022
Research Description: WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) [delicious-recipes] < 1.5.3 WordPress Delicious Recipes – WordPress Recipe plugin <= 1.3.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Delicious Recipes – WordPress Recipe plugin (versions <= 1.3.4).
Affected versions: Min -, max -.
Status: vulnerable

Aug 29, 2024

CVE, Research URL: CVE-2024-43935
Home page URL: Security reports for WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Application: WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Date: Aug 29, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Delicious Delicious Recipes – WordPress Recipe Plugin allows Stored XSS.This issue affects Delicious Recipes – WordPress Recipe Plugin: from n/a through 1.6.7.
Affected versions: Min -, max -.
Status: vulnerable

Sep 12, 2024

CVE, Research URL: CVE-2024-7626
Home page URL: Security reports for WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Application: WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Date: Sep 11, 2024
Research Description: The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in the save_edit_profile_details() function in all versions up to, and including, 1.6.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php). This can also lead to the reading of arbitrary files that may contain sensitive information like wp-config.php.
Affected versions: Min -, max -.
Status: vulnerable

Nov 15, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Application: WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: Min -, max -.
Status: vulnerable

Jul 18, 2025

CVE, Research URL: CVE-2025-54023
Home page URL: Security reports for WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Application: WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes)
Date: Jul 16, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious WP Delicious allows DOM-Based XSS. This issue affects WP Delicious: from n/a through 1.8.4.
Affected versions: Min -, max -.
Status: vulnerable