cleantalk
Vulnerabilities and Security Researches

WP Recipe Maker, CVE-2025-15527

CVE, Research URL

CVE-2025-15527

Home page URL

Security reports for WP Recipe Maker

Application

WP Recipe Maker

Published on
Jan 16, 2026
Research Description
The WP Recipe Maker plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 10.2.2 via the api_get_post_summary function due to insufficient restrictions on which posts can be retrieved. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from posts they may not be able to edit or read otherwise. This also affects password protected, private, or draft posts that they should not have access to.
Affected versions
max 10.2.3.
Status
vulnerable
Previous vulnerability researches
WP Recipe Maker (CVE-2024-9650) , Oct 24, 2024
WP Recipe Maker (CVE-2025-62897) , Nov 10, 2025
WP Recipe Maker (CVE-2026-24357) , Jan 27, 2026
WP Recipe Maker (CVE-2025-15527) , Jan 27, 2026
WP Recipe Maker (CVE-2025-14385) , Jan 27, 2026
New vulnerability
MC4WP: Mailchimp for WordPress , Jan 30, 2026
APPExperts – Mobile App Builder for WordPress | WooCommerce to iOS and Android Apps (CVE-2025-68881) , Jan 28, 2026
Simple Calendar – Google Calendar Plugin (CVE-2025-68979) , Jan 28, 2026
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2025-14901) , Jan 28, 2026
IMGspider – 图片采集抓取插件 (CVE-2026-22482) , Jan 28, 2026