WordPress Plugin Vulnerabilities

WP Ultimate Recipe <= 3.12.6 - Authenticated Stored XSS

Description

The WP Ultimate Recipe WordPress plugin was affected by an Authenticated Stored XSS security vulnerability.

Affects Plugins

Plugin icon
wp-ultimate-recipe
Fixed in 3.12.7

References

CVE
CVE-2019-15836
URL
https://plugins.trac.wordpress.org/changeset?reponame=&new=2111353%40wp-ultimate-recipe&old=2106025%40wp-ultimate-recipe

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.4 (medium)

Miscellaneous

Verified
No
WPVDB ID
29a4d72f-0ebe-4670-8b25-cd602149c57f

Timeline

Publicly Published
2019-06-26 (about 6 years ago)
Added
2019-06-26 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2020-06-10
Title
WordPress < 5.4.2 - Authenticated XSS in Block Editor
Published
2024-09-27
Title
Simple Popup Plugin < 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2026-01-19
Title
Advanced iFrame < 2026.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-04-01
Title
Ebook Downloader <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-04-09
Title
Lock Your Updates <= 1.1 - Reflected Cross-Site Scripting