CVE-2025-14742

Name of the Vulnerable Software and Affected Versions WP Recipe Maker versions prior to 10.2.3

Description The WP Recipe Maker plugin for WordPress has a flaw that allows unauthorized access to recipe data. This is due to a missing capability check in the ajax search recipes and ajax get recipe functions. Attackers with Subscriber-level access or higher can retrieve sensitive recipe information, including drafts, pending recipes, and private recipes that they are not authorized to view.

Recommendations Update WP Recipe Maker to version 10.2.3 or later.