PT-2025-44716 · WordPress · Wp Delicious – Recipe Plugin For Food Bloggers+1
Matthew Rollings
+2
·
Published
2025-11-01
·
Updated
2025-11-01
·
CVE-2025-11755
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) versions prior to 1.9.1
Description
The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress allows an attacker with Contributor-level permissions to upload malicious files. This occurs when importing recipes via CSV, specifically by providing a remote URL during the import process. Successful exploitation can lead to Remote Code Execution (RCE). The vulnerability involves arbitrary file uploads, enabling the attacker to upload a PHP file. The vulnerable component is the CSV import functionality.
Recommendations
Versions prior to 1.9.1 should be updated.
Fix
RCE
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Delicious Recipes
Wp Delicious – Recipe Plugin For Food Bloggers