Iamr3N0

**Name of the Vulnerable Software and Affected Versions** Cooked plugin for WordPress versions up to, and including, 1.8.0 **Description** The issue is related to Persistent Cross-Site Scripting (XSS) via the `[cooked-timer]` shortcode due to insufficient input sanitization and output escaping. This allows authenticated attackers with subscriber-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses a compromised page. **Recommendations** For Cooked plugin for WordPress versions up to, and including, 1.8.0, upgrade to release version 1.8.1 to address the issue.

**Name of the Vulnerable Software and Affected Versions** Cooked versions up to, and including, 1.7.15.4 **Description** The Cooked plugin for WordPress is affected by a Cross-Site Request Forgery (CSRF) issue due to missing or incorrect nonce validation on the AJAX action handler. This could allow an attacker to trick users into performing unintended actions under their current authentication. **Recommendations** For versions up to, and including, 1.7.15.4, upgrade to release version 1.8.0 to address the issue. As a temporary workaround, consider restricting access to the AJAX action handler until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Cooked plugin for WordPress versions up to, and including, 1.7.15.4 **Description** The issue is related to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on the AJAX action handler. This could allow an attacker to trick users into performing unintended actions under their current authentication. The problem has been addressed in release version 1.8.0. **Recommendations** For versions up to, and including, 1.7.15.4, upgrade to release version 1.8.0 to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action handler until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Cooked plugin for WordPress versions up to, and including, 1.7.15.4 **Description** The issue is related to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on the AJAX action handler. This could allow an attacker to trick users into performing unintended actions under their current authentication. **Recommendations** For versions up to, and including, 1.7.15.4, upgrade to release version 1.8.0 to address the issue. As a temporary workaround, consider restricting access to the AJAX action handler until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Cooked plugin for WordPress versions up to, and including, 1.7.15.4 **Description** The Cooked plugin for WordPress is vulnerable to HTML Injection due to insufficient input sanitization and output escaping. This issue allows authenticated attackers with contributor-level access and above to inject arbitrary HTML in pages that will be shown whenever a user accesses a compromised page. **Recommendations** For versions up to, and including, 1.7.15.4, upgrade to release version 1.8.0 to address the issue.

**Name of the Vulnerable Software and Affected Versions** Cooked plugin for WordPress versions up to, and including, 1.7.15.4 **Description** The issue is related to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on the AJAX action handler. This could allow an attacker to trick users into performing unintended actions under their current authentication. The problem has been addressed in release version 1.8.0. **Recommendations** For versions up to, and including, 1.7.15.4, upgrade to release version 1.8.0 to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action handler until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** The Cooked Pro recipe plugin for WordPress versions up to, and including, 1.7.15.4 **Description** The issue is related to Persistent Cross-Site Scripting (XSS) via the ` recipe settings[post title]` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses a compromised page. **Recommendations** For versions up to, and including, 1.7.15.4, update to version 1.8.0, which includes the patch for this issue. As a temporary workaround, consider restricting access to the ` recipe settings[post title]` parameter to minimize the risk of exploitation.