PT-2024-15514 · WordPress · Wp Recipe Maker

Wesley · Published 2024-02-05 · Updated 2024-02-07 · CVE-2024-0380

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WP Recipe Maker plugin for WordPress versions up to, and including, 9.1.0

Description

The issue allows authenticated attackers with contributor-level access and above to perform Directory Traversal via the icon attribute used in Shortcodes. This can lead to the inclusion of SVG file contents on the server, potentially enabling Cross-Site Scripting attacks.

Recommendations

For versions up to, and including, 9.1.0, consider disabling the use of the icon attribute in Shortcodes as a temporary workaround until a patch is available. Restrict access to Shortcode functionality to minimize the risk of exploitation.
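
A defender-side audit for the issue described above, as an added example that is not part of the advisory or the plugin's code: it scans stored post content for shortcodes whose icon attribute is anything other than a bare icon name. The shortcode name example-print, the sample posts and the bare-name allowlist are constructed assumptions; adjust the allowlist if your site legitimately uses other icon values.

```python
import re

# Any shortcode tag: [name attr="value" ...]. The advisory does not list the
# plugin's shortcode names, so none are assumed here.
SHORTCODE_RE = re.compile(r"\[([A-Za-z][\w-]*)((?:\s+[^\]]*)?)\]")
# icon attribute, double-quoted, single-quoted or unquoted.
ICON_ATTR_RE = re.compile(
    r"""(?<![\w-])icon\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""", re.I)
# Assumption: a legitimate icon value is a bare name such as "printer".
SAFE_ICON_RE = re.compile(r"[A-Za-z0-9_-]+")

def classify_icon(value):
    """Return None for an empty or bare icon name, else a short reason."""
    if not value or SAFE_ICON_RE.fullmatch(value):
        return None
    segments = value.replace("\\", "/").split("/")
    if ".." in segments:
        return "parent-directory segment"
    if len(segments) > 1:
        return "path separator"
    return "unexpected characters"

def audit_posts(posts):
    """posts: iterable of (post_id, author_role, content).
    Returns (post_id, author_role, shortcode, icon_value, reason) tuples."""
    findings = []
    for post_id, role, content in posts:
        for tag in SHORTCODE_RE.finditer(content):
            for m in ICON_ATTR_RE.finditer(tag.group(2)):
                value = next(g for g in m.groups() if g is not None)
                reason = classify_icon(value)
                if reason:
                    findings.append((post_id, role, tag.group(1), value, reason))
    return findings

# Constructed sample rows, standing in for an export of post content.
SAMPLE_POSTS = [
    (101, "editor", 'Intro [example-print icon="printer"] text'),
    (102, "contributor", '[example-print icon="../../uploads/2024/01/logo"]'),
    (103, "contributor", "[example-print icon='icons/star']"),
    (104, "author", "[example-print icon=star.svg]"),
]

if __name__ == "__main__":
    for finding in audit_posts(SAMPLE_POSTS):
        print(finding)
```

Flagged posts are candidates for review, with those authored by contributor-level accounts first, since that is the privilege level the advisory names.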

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-0380

Affected Products

Wp Recipe Maker