VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 5 known issues Latest disclosed Oct 15, 2024

Cooked Pro Vulnerabilities

Review known vulnerability records for the WordPress plugin Cooked Pro (`cooked-pro`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-49289, CVE-2024-49290 and CVE-2024-49291, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
5
High or Critical
2
Patch Coverage
100%
Last Updated
Oct 18, 2024
Priority CVE Quick Links

Fast paths into Cooked Pro CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
5
CVE-2024-49291 Critical 1.8.0
CVE-2024-49291 Cooked Pro Remote Code Execution

Cooked Pro < 1.8.0 - Unauthenticated Arbitrary File Upload

CVE-2022-3900 Critical 1.7.5.7
CVE-2022-3900 Cooked Pro Vulnerability

Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection

CVE-2024-49289 Medium 1.8.0
CVE-2024-49289 Cooked Pro Stored Cross-Site Scripting

Cooked Pro < 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2021-24233 Medium 1.7.5.6
CVE-2021-24233 Cooked Pro Cross-Site Scripting

Cooked Pro <= 1.7.5.5 - Reflected Cross-Site Scripting

CVE-2024-49290 Medium 1.8.0
CVE-2024-49290 Cooked Pro Cross-Site Request Forgery

Cooked Pro < 1.8.0 - Cross-Site Request Forgery

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Cooked Pro so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
5 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
2 critical and 0 high severity findings.
Recent CVEs
CVE-2024-49289, CVE-2024-49290 and CVE-2024-49291
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Cooked Pro

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2024-49289
CVE-2024-49289: Cooked Pro < 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Cooked Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 1.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary we...

Published
Oct 15, 2024
Patched Release
1.8.0
Affected Versions
Versions before 1.8.0
Next Step
Update to 1.8.0 or newer if supported.
Open CVE-2024-49289 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-49290
CVE-2024-49290: Cooked Pro < 1.8.0 - Cross-Site Request Forgery

The Cooked Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 1.8.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request...

Published
Oct 15, 2024
Patched Release
1.8.0
Affected Versions
Versions before 1.8.0
Next Step
Update to 1.8.0 or newer if supported.
Open CVE-2024-49290 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2024-49291
CVE-2024-49291: Cooked Pro < 1.8.0 - Unauthenticated Arbitrary File Upload

The Cooked Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to 1.8.0 (exclusive). This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make rem...

Published
Oct 15, 2024
Patched Release
1.8.0
Affected Versions
Versions before 1.8.0
Next Step
Update to 1.8.0 or newer if supported.
Open CVE-2024-49291 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2022-3900
CVE-2022-3900: Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection

The Cooked Pro plugin for WordPress is vulnerable to PHP Object Injection in versions up to, but not including, 1.7.5.7 via deserialization of untrusted input from the recipe_args parameter. This allows unauthenticated attackers to inject a PHP Object. If a POP chain is present v...

Published
Nov 21, 2022
Patched Release
1.7.5.7
Affected Versions
Versions before 1.7.5.7
Next Step
Update to 1.7.5.7 or newer if supported.
Open CVE-2022-3900 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2021-24233
CVE-2021-24233: Cooked Pro <= 1.7.5.5 - Reflected Cross-Site Scripting

The Cooked Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.7.5.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

Published
Mar 30, 2021
Patched Release
1.7.5.6
Affected Versions
Versions before 1.7.5.6
Next Step
Update to 1.7.5.6 or newer if supported.
Open CVE-2021-24233 Report Open CVE Reference