WordPress Plugin Vulnerabilities

Tasty Recipes Lite < 1.1.6 - Missing Authorization

Description

The Tasty Recipes Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
tasty-recipes-lite
Fixed in 1.1.6

References

CVE
CVE-2025-62132
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/f43bef8a-0df5-43f8-a87d-5f482b14a3c6

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
daroo
Verified
No
WPVDB ID
8b6c4a80-8345-4634-a6ad-849c02bbd71e

Timeline

Publicly Published
2025-12-31 (about 5 months ago)
Added
2026-01-05 (about 5 months ago)
Last Updated
2026-01-13 (about 5 months ago)

Other

Published
Title
Published
2024-07-08
Title
User Profile Builder < 3.11.8 - Unauthenticated Media Upload
Published
2026-05-13
Title
User Registration & Membership < 5.1.6 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter
Published
2025-06-19
Title
WP Customer Area <= 8.3.4 - Missing Authorization
Published
2025-12-05
Title
g-FFL Cockpit < 1.8.0 - Missing Authorization to Unauthenticated Information Exposure
Published
2024-03-26
Title
WholesaleX < 1.3.2 - Authenticated(Subscriber+) Missing Authorization via multiple AJAX actions