cleantalk
Vulnerabilities and Security Researches

WP Recipe Maker, CVE-2025-14742

CVE, Research URL

CVE-2025-14742

Home page URL

Security reports for WP Recipe Maker

Application

WP Recipe Maker

Published on
Feb 25, 2026
Research Description
The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_search_recipes' and 'ajax_get_recipe' functions in all versions up to, and including, 10.2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive recipe information including draft, pending, and private recipes that they shouldn't be able to access.
Affected versions
max 10.2.3.
Status
vulnerable
Previous vulnerability researches
Hello Elementor (CVE-2024-31289) , Jun 10, 2024
Envo's Elementor Templates & Widgets for WooCommerce (CVE-2024-43292) , Aug 20, 2024
Envo's Elementor Templates & Widgets for WooCommerce (CVE-2024-0766) , Jun 10, 2024
Envo's Elementor Templates & Widgets for WooCommerce (CVE-2024-35167) , Jun 10, 2024
Envo's Elementor Templates & Widgets for WooCommerce (CVE-2024-50447) , Oct 27, 2024
New vulnerability
WP Booking Calendar (CVE-2026-32358) , Mar 29, 2026
Subscriptions for WooCommerce – Subscription Plugin for Collecting Recurring Revenue, Sell Membership Subscription Servic (CVE-2026-24372) , Mar 29, 2026
Meta Box – WordPress Custom Fields Framework (CVE-2025-14675) , Mar 29, 2026
Admin and Site Enhancements (ASE) (CVE-2026-32423) , Mar 29, 2026
Royal Elementor Addons and Templates (CVE-2026-28135) , Mar 29, 2026