cleantalk
Vulnerabilities and Security Researches

WP Recipe Maker, CVE-2025-1503

CVE, Research URL

CVE-2025-1503

Home page URL

Security reports for WP Recipe Maker

Application

WP Recipe Maker

Published on
Mar 13, 2025
Research Description
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Roundup Recipe Name field in all versions up to, and including, 9.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 9.8.1.
Status
vulnerable
Previous vulnerability researches
Ad Blocking Detector (CVE-2025-22732) , Jan 19, 2025
Ad Blocking Detector (CVE-2014-125093) , Jun 06, 2024
New vulnerability
Business Directory Plugin – Easy Listing Directories for WordPress (CVE-2024-13887) , Mar 14, 2025
AppPresser – Mobile App Framework (CVE-2025-1561) , Mar 14, 2025
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2025-1119) , Mar 14, 2025
CRM and Lead Management by vcita (CVE-2024-13703) , Mar 14, 2025
WP Recipe Maker (CVE-2025-1503) , Mar 14, 2025