PT-2026-3217 · WordPress · Wp Recipe Maker
Dmitry Ignatyev
·
Published
2026-01-16
·
Updated
2026-01-16
·
CVE-2025-15527
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
WP Recipe Maker versions up to and including 10.2.2
Description
The WP Recipe Maker plugin for WordPress has an information exposure issue. Insufficient restrictions on post retrieval within the
api get post summary function allow authenticated attackers with Contributor-level access or higher to extract data from posts they should not be able to access. This includes password-protected, private, or draft posts.Recommendations
Update WP Recipe Maker to a version later than 10.2.2.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wp Recipe Maker