Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for wp_delicious by wpdelicious

    CVE-2024-7626 (GCVE-0-2024-7626)

    Vulnerability from nvd – Published: 2024-09-11 07:31 – Updated: 2026-04-08 16:47
    VLAI
    Title
    WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) <= 1.6.9 - Improper Path Validation to Authenticated (Subscriber+) Arbitrary File Move and Read
    Summary
    The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in the save_edit_profile_details() function in all versions up to, and including, 1.6.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php). This can also lead to the reading of arbitrary files that may contain sensitive information like wp-config.php.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Vendor Product Version
    wpdelicious WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) Affected: 0 , ≤ 1.6.9 (semver)
    Create a notification for this product.
    wpdelicious wpdelicious Affected: 0 , ≤ 1.6.9 (semver)
        cpe:2.3:a:wpdelicious:wpdelicious:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Connor Billings
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:wpdelicious:wpdelicious:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "wpdelicious",
                "vendor": "wpdelicious",
                "versions": [
                  {
                    "lessThanOrEqual": "1.6.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7626",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T15:00:23.231389Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-11T15:04:00.065Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WP Delicious \u2013 Recipe Plugin for Food Bloggers (formerly Delicious Recipes)",
              "vendor": "wpdelicious",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Connor Billings"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WP Delicious \u2013 Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in the save_edit_profile_details() function in all versions up to, and including, 1.6.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php). This can also lead to the reading of arbitrary files that may contain sensitive information like wp-config.php."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:47:28.700Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c98bb53-9f7e-4ab3-9676-e3dbfb4a0519?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/delicious-recipes/tags/1.6.7/src/dashboard/class-delicious-recipes-form-handler.php#L260"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/delicious-recipes/tags/1.6.7/src/dashboard/class-delicious-recipes-form-handler.php#L355"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3148996/delicious-recipes/trunk/src/dashboard/class-delicious-recipes-form-handler.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-09-10T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "WP Delicious \u2013 Recipe Plugin for Food Bloggers (formerly Delicious Recipes) \u003c= 1.6.9 - Improper Path Validation to Authenticated (Subscriber+) Arbitrary File Move and Read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-7626",
        "datePublished": "2024-09-11T07:31:32.430Z",
        "dateReserved": "2024-08-08T19:19:50.185Z",
        "dateUpdated": "2026-04-08T16:47:28.700Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-43935 (GCVE-0-2024-43935)

    Vulnerability from nvd – Published: 2024-08-29 18:08 – Updated: 2026-04-28 16:10
    VLAI
    Title
    WordPress WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability
    Summary
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Delicious Delicious Recipes – WordPress Recipe Plugin allows Stored XSS.This issue affects Delicious Recipes – WordPress Recipe Plugin: from n/a through 1.6.7.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    References
    Impacted products
    Credits
    NGÔ THIÊN AN / ancorn_ from VNPT-VCI (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43935",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-29T18:16:37.654964Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T18:16:46.071Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "delicious-recipes",
              "product": "Delicious Recipes \u2013 WordPress Recipe Plugin",
              "vendor": "WP Delicious",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.6.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.6.7",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "NG\u00d4 THI\u00caN AN / ancorn_ from VNPT-VCI (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in WP Delicious Delicious Recipes \u2013 WordPress Recipe Plugin allows Stored XSS.\u003cp\u003eThis issue affects Delicious Recipes \u2013 WordPress Recipe Plugin: from n/a through 1.6.7.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in WP Delicious Delicious Recipes \u2013 WordPress Recipe Plugin allows Stored XSS.This issue affects Delicious Recipes \u2013 WordPress Recipe Plugin: from n/a through 1.6.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:10:13.926Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/delicious-recipes/wordpress-wp-delicious-recipe-plugin-for-food-bloggers-formerly-delicious-recipes-plugin-1-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to 1.6.8 or a higher version."
                }
              ],
              "value": "Update to 1.6.8 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress WP Delicious \u2013 Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin \u003c= 1.6.7 - Cross Site Scripting (XSS) vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-43935",
        "datePublished": "2024-08-29T18:08:32.318Z",
        "dateReserved": "2024-08-18T21:56:29.384Z",
        "dateUpdated": "2026-04-28T16:10:13.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-7626 (GCVE-0-2024-7626)

    Vulnerability from cvelistv5 – Published: 2024-09-11 07:31 – Updated: 2026-04-08 16:47
    VLAI
    Title
    WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) <= 1.6.9 - Improper Path Validation to Authenticated (Subscriber+) Arbitrary File Move and Read
    Summary
    The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in the save_edit_profile_details() function in all versions up to, and including, 1.6.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php). This can also lead to the reading of arbitrary files that may contain sensitive information like wp-config.php.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Vendor Product Version
    wpdelicious WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) Affected: 0 , ≤ 1.6.9 (semver)
    Create a notification for this product.
    wpdelicious wpdelicious Affected: 0 , ≤ 1.6.9 (semver)
        cpe:2.3:a:wpdelicious:wpdelicious:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Connor Billings
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:wpdelicious:wpdelicious:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "wpdelicious",
                "vendor": "wpdelicious",
                "versions": [
                  {
                    "lessThanOrEqual": "1.6.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7626",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T15:00:23.231389Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-11T15:04:00.065Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WP Delicious \u2013 Recipe Plugin for Food Bloggers (formerly Delicious Recipes)",
              "vendor": "wpdelicious",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Connor Billings"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WP Delicious \u2013 Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in the save_edit_profile_details() function in all versions up to, and including, 1.6.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php). This can also lead to the reading of arbitrary files that may contain sensitive information like wp-config.php."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:47:28.700Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c98bb53-9f7e-4ab3-9676-e3dbfb4a0519?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/delicious-recipes/tags/1.6.7/src/dashboard/class-delicious-recipes-form-handler.php#L260"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/delicious-recipes/tags/1.6.7/src/dashboard/class-delicious-recipes-form-handler.php#L355"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3148996/delicious-recipes/trunk/src/dashboard/class-delicious-recipes-form-handler.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-09-10T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "WP Delicious \u2013 Recipe Plugin for Food Bloggers (formerly Delicious Recipes) \u003c= 1.6.9 - Improper Path Validation to Authenticated (Subscriber+) Arbitrary File Move and Read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-7626",
        "datePublished": "2024-09-11T07:31:32.430Z",
        "dateReserved": "2024-08-08T19:19:50.185Z",
        "dateUpdated": "2026-04-08T16:47:28.700Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-43935 (GCVE-0-2024-43935)

    Vulnerability from cvelistv5 – Published: 2024-08-29 18:08 – Updated: 2026-04-28 16:10
    VLAI
    Title
    WordPress WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability
    Summary
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Delicious Delicious Recipes – WordPress Recipe Plugin allows Stored XSS.This issue affects Delicious Recipes – WordPress Recipe Plugin: from n/a through 1.6.7.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    References
    Impacted products
    Credits
    NGÔ THIÊN AN / ancorn_ from VNPT-VCI (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43935",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-29T18:16:37.654964Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T18:16:46.071Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "delicious-recipes",
              "product": "Delicious Recipes \u2013 WordPress Recipe Plugin",
              "vendor": "WP Delicious",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.6.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.6.7",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "NG\u00d4 THI\u00caN AN / ancorn_ from VNPT-VCI (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in WP Delicious Delicious Recipes \u2013 WordPress Recipe Plugin allows Stored XSS.\u003cp\u003eThis issue affects Delicious Recipes \u2013 WordPress Recipe Plugin: from n/a through 1.6.7.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in WP Delicious Delicious Recipes \u2013 WordPress Recipe Plugin allows Stored XSS.This issue affects Delicious Recipes \u2013 WordPress Recipe Plugin: from n/a through 1.6.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:10:13.926Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/delicious-recipes/wordpress-wp-delicious-recipe-plugin-for-food-bloggers-formerly-delicious-recipes-plugin-1-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to 1.6.8 or a higher version."
                }
              ],
              "value": "Update to 1.6.8 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress WP Delicious \u2013 Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin \u003c= 1.6.7 - Cross Site Scripting (XSS) vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-43935",
        "datePublished": "2024-08-29T18:08:32.318Z",
        "dateReserved": "2024-08-18T21:56:29.384Z",
        "dateUpdated": "2026-04-28T16:10:13.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }