Vulnerabilities > Boxystudio
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-20 | CVE-2024-49290 | Cross-Site Request Forgery (CSRF) vulnerability in Boxystudio Cooked 1.7.5.6/1.7.5.7 Cross-Site Request Forgery (CSRF) vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery.This issue affects Cooked Pro: from n/a before 1.8.0. | 8.8 |
| 2024-08-05 | CVE-2024-41816 | Cross-site Scripting vulnerability in Boxystudio Cooked Cooked is a recipe plugin for WordPress. | 5.4 |
| 2024-07-18 | CVE-2024-39678 | Cross-Site Request Forgery (CSRF) vulnerability in Boxystudio Cooked Cooked is a recipe plugin for WordPress. | 8.8 |
| 2024-07-18 | CVE-2024-39679 | Cross-Site Request Forgery (CSRF) vulnerability in Boxystudio Cooked Cooked is a recipe plugin for WordPress. | 8.8 |
| 2024-07-18 | CVE-2024-39680 | Cross-Site Request Forgery (CSRF) vulnerability in Boxystudio Cooked Cooked is a recipe plugin for WordPress. | 8.8 |
| 2024-07-18 | CVE-2024-39681 | Cross-Site Request Forgery (CSRF) vulnerability in Boxystudio Cooked Cooked is a recipe plugin for WordPress. | 8.8 |
| 2024-07-18 | CVE-2024-39682 | Cross-site Scripting vulnerability in Boxystudio Cooked Cooked is a recipe plugin for WordPress. | 5.4 |
| 2024-06-13 | CVE-2024-37308 | Cross-site Scripting vulnerability in Boxystudio Cooked The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `_recipe_settings[post_title]` parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2023-12-28 | CVE-2022-36399 | Unspecified vulnerability in Boxystudio Booked Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress | Calendars.This issue affects Booked - Appointment Booking for WordPress | Calendars: from n/a before 2.4.4. | 7.5 |
| 2023-10-02 | CVE-2023-44477 | Unspecified vulnerability in Boxystudio Cooked 1.7.5.6/1.7.5.7 Auth. | 5.4 |