WordPress · Cooked Pro WordPress Plugin · CVE-2022-3900
**Name of the Vulnerable Software and Affected Versions**
Cooked Pro WordPress plugin versions prior to 1.7.5.7
**Description**
The plugin does not properly validate or sanitize the `recipe_args` parameter before unserializing it in the `cooked_loadmore` action. This allows an unauthenticated attacker to trigger PHP Object Injection.
**Recommendations**
For versions prior to 1.7.5.7, update to version 1.7.5.7 or later to resolve the issue.
As a temporary workaround, consider restricting access to the `cooked_loadmore` action to minimize the risk of exploitation.
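One way to apply the temporary workaround is a must-use plugin placed in `wp-content/mu-plugins/`. This is an added example, not Cooked Pro code and not part of the original advisory. It assumes the action is registered through the standard WordPress `wp_ajax_*` / `wp_ajax_nopriv_*` hooks under the name `cooked_loadmore`, that `recipe_args` arrives as a plain request parameter, and the `cpguard_*` function names are hypothetical.

```php
<?php
// Added example: hypothetical must-use plugin, not Cooked Pro code.
// Assumptions: cooked_loadmore uses the standard wp_ajax_* hooks at the
// default priority, and recipe_args is sent unencoded. An encoded value
// (for example base64) would not be caught by the token check below.

// True if the value (string or nested array) carries a serialized PHP
// object token such as O:8:"stdClass" or C:11:"ArrayObject".
function cpguard_has_object_token( $value ) {
	if ( is_array( $value ) ) {
		foreach ( $value as $item ) {
			if ( cpguard_has_object_token( $item ) ) {
				return true;
			}
		}
		return false;
	}
	return is_string( $value )
		&& 1 === preg_match( '/(?:^|[;{}])[OC]:\+?\d+:"/i', $value );
}

// Unauthenticated callers: refuse the action before the plugin's handler
// runs (priority 0 sorts ahead of the default priority 10).
function cpguard_block_anonymous() {
	wp_send_json_error( array( 'message' => 'cooked_loadmore is disabled' ), 403 );
}
add_action( 'wp_ajax_nopriv_cooked_loadmore', 'cpguard_block_anonymous', 0 );

// Logged-in callers: keep the action, but reject object tokens in recipe_args.
function cpguard_check_recipe_args() {
	if ( ! isset( $_REQUEST['recipe_args'] ) ) {
		return;
	}
	// WordPress adds slashes to request data; remove them before matching.
	$raw = wp_unslash( $_REQUEST['recipe_args'] );
	if ( cpguard_has_object_token( $raw ) ) {
		error_log( 'cpguard: rejected recipe_args containing a serialized object token' );
		wp_send_json_error( array( 'message' => 'invalid recipe_args' ), 400 );
	}
}
add_action( 'wp_ajax_cooked_loadmore', 'cpguard_check_recipe_args', 0 );
```

Logged-out visitors lose the "load more" feature while this guard is active; remove the file once the plugin is updated to 1.7.5.7 or later.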