911 Hack Removal

Reflected XSS vulnerability found in ‘Cooked Pro – Recipe Plugin v1.7.5.5’ for WordPress – Update Immediately

Updated on: June 21, 2021

Reflected XSS vulnerability found in ‘Cooked Pro – Recipe Plugin v1.7.5.5’ for WordPress – Update Immediately

Reflected Cross-site Scripting (XSS) vulnerability was discovered in the WordPress plugin “Cooked Pro” version 1.7.5.5 at multiple places which could enable an attacker to perform malicious actions.

Cooked Pro for WordPress allows its users to create & display recipes on a WordPress site. Other features offered by this plugin are – SEO optimized (rich snippets), galleries, cooking timers, printable recipes, and more. A free version of the plugin is also available in the WordPress plugin directory, which is not affected by this vulnerability.

Stored XSS vulnerability in Cooked - Recipe Plugin version 1.7.8.4

Astra Security Threat Intelligence team led by Jinson Varghese discovered this vulnerability in the Cooked Pro plugin version 1.7.5.5 on 18th March 2021 and immediately contacted the plugin developers on the same day.

Here’s the complete vulnerability disclosure timeline:

  • March 18, 2021 – Astra Security Threat Intelligence team discovers and analyzes the reflected XSS vulnerability (CVE-2021-24233).
  • March 18, 2021 – Full vulnerability disclosure sent to the plugin’s developers Boxy Studio.
  • March 20, 2021 – Astra Security received a response from the plugin’s dev team that the patch should be available in few days.
  • March 30, 2021 – Patched version of the plugin released (v1.7.5.6)

If you are one of the customers of Boxy Studio using their Cooked Pro plugin for your WordPress, it is highly recommended that you should update the plugin to its fully patched version 1.7.5.6.

If you are using Astra Security Suite – WordPress Firewall & Malware Scanner then your site is secured against this vulnerability.

If you are not using Astra Security and are hacked follow this step-by-step WordPress malware removal guide to restore your website.

Astra Security Suite – WordPress Security Plugin Can Help Secure Your Site

Astra Security Suite –  WordPress security plugin, is the go-to security suite for your WordPress website. With Astra Security Suite, you don’t have to worry about any malware, credit card hack, SQLi, XSS, SEO Spam, comments spam, brute force & 100+ types of threats. This means you can get rid of other security plugins & let Astra Security take care of it all.

If you’re a WP plugin or theme developer then you can follow this DIY security audit guide to make sure that your plugin has no security loopholes.

Was this post helpful?

Tags: , , , , ,

Kanishk Tagade

Kanishk Tagade is a Marketing Manager at Astra Security. Having a hawk-eyed view on the cybersecurity threat landscape, market-shifts, and hacktivism activities, Kanishk is a community member of the Nasscom and corporate contributor at many technology magazines and security awareness platforms. Editor-in-Chief at "QuickCyber.news", his work is published in more than 50+ news platforms. He is also a social micro-influencer for the latest cybersecurity defense mechanisms, Digital Transformation, Machine Learning, AI and IoT products.
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include firewall, malware scanner and security audits to protect your site from the
evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany