cleantalk
Vulnerabilities and Security Researches

Cooked – Recipe Management, CVE-2024-41816

CVE, Research URL

CVE-2024-41816

Home page URL

Security reports for Cooked – Recipe Management

Application

Cooked – Recipe Management

Published on
Aug 06, 2024
Research Description
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the ‘[cooked-timer]’ shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with subscriber-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses a compromised page. This issue has been addressed in release version 1.8.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected versions
max 1.8.1.
Status
vulnerable
Previous vulnerability researches
Cooked – Recipe Management (CVE-2023-33999) , Jun 12, 2026
Cooked – Recipe Management (CVE-2021-24233) , Jun 10, 2024
Cooked – Recipe Management (CVE-2025-62989) , Jan 11, 2026
Cooked – Recipe Management (CVE-2025-68586) , Jan 11, 2026
Cooked – Recipe Management (CVE-2023-44477) , Jun 10, 2024
New vulnerability
Spotlight Social Feeds [Block, Shortcode, and Widget] (CVE-2023-33999) , Jun 12, 2026
Surbma | GDPR Proof Cookie Consent & Notice Bar (CVE-2023-33999) , Jun 12, 2026
TK Google Fonts GDPR Compliant (CVE-2023-33999) , Jun 12, 2026
Video Player for YouTube (CVE-2023-33999) , Jun 12, 2026
Customize WordPress Emails and Alerts – Better Notifications for WP (CVE-2023-33999) , Jun 12, 2026