PT-2025-44716 · WordPress · Wp Delicious – Recipe Plugin For Food Bloggers+1

·

CVE-2025-11755

·

Published

2025-11-01

·

Updated

2025-11-01

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) versions prior to 1.9.1
Description The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress allows an attacker with Contributor-level permissions to upload malicious files. This occurs when importing recipes via CSV, specifically by providing a remote URL during the import process. Successful exploitation can lead to Remote Code Execution (RCE). The vulnerability involves arbitrary file uploads, enabling the attacker to upload a PHP file. The vulnerable component is the CSV import functionality.
Recommendations Versions prior to 1.9.1 should be updated.

Fix

RCE

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2025-11755

Affected Products

Delicious Recipes
Wp Delicious – Recipe Plugin For Food Bloggers