CVE-2023-6970
Published 2024-01-18
CVE-2023-6970: The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 9.1.0…
Priority: P4 31, medium, 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 0.68% (47.7th percentile)
The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bootstrapped | wp_recipe_maker | <= 9.1.0 | — |
| brechtvds | wp_recipe_maker | <= 9.1.0 | — |
VulDB
WP Recipe Maker Plugin up to 9.1.0 on WordPress Referer cross site scripting (ID 3019769)
vuldb·2026-04-11·CVSS 6.1
CVE-2023-6970 [MEDIUM] WP Recipe Maker Plugin up to 9.1.0 on WordPress Referer cross site scripting (ID 3019769)
A vulnerability, which was classified as problematic, was found in WP Recipe Maker Plugin up to 9.1.0 on WordPress. This impacts an unknown function of the component Referer Handler. Such manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2023-6970. The attack may be launched remotely. There is no exploit available.
GHSA
GHSA-xgmr-mh2m-j5vq: The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Referer' header in all versions up to, and including
ghsa_unreviewed·2024-01-18
CVE-2023-6970 [MEDIUM] CWE-79 GHSA-xgmr-mh2m-j5vq: The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Referer' header in all versions up to, and including
The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
No detection rules found.
Nuclei
WP Recipe Maker <= 9.1.0 - Reflected XSS via Referer Header
nuclei·CVSS 6.1
CVE-2023-6970 [MEDIUM] WP Recipe Maker <= 9.1.0 - Reflected XSS via Referer Header
WP Recipe Maker alert(document.domain)\""
```yaml
matchers-condition: and
matchers:
  - type: dsl
    dsl:
      - status_code == 200
      - contains(body, 'wprm-print-button-back')
      - contains(body, 'alert(document.domain)')
    condition: and
```
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/templates/public/print.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/20842e95-4b91-4138-9e32-7c090724bf64?source=cve
2024-01-18
Published