Astra Security Blog

Reflected XSS vulnerability found in ‘Cooked Pro – Recipe Plugin v1.7.5.5’ for WordPress – Update Immediately

A reflected cross-site scripting (XSS) vulnerability was discovered in multiple places in the WordPress plugin “Cooked Pro” version 1.7.5.5, which could enable an attacker to perform malicious actions.

Cooked Pro for WordPress allows its users to create and display recipes on a WordPress site. Other features offered by this plugin include SEO optimization (rich snippets), galleries, cooking timers, printable recipes, and more. A free version of the plugin, which is not affected by this vulnerability, is also available in the WordPress plugin directory.

The Astra Security Threat Intelligence team, led by Jinson Varghese, discovered this vulnerability in the Cooked Pro plugin version 1.7.5.5 on 18th March 2021 and contacted the plugin developers the same day.

Here’s the complete vulnerability disclosure timeline:

If you are a Boxy Studio customer using the Cooked Pro plugin on your WordPress site, it is highly recommended that you update the plugin to its fully patched version, 1.7.5.6.

If you are using Astra Security Suite – WordPress Firewall & Malware Scanner, your site is secured against this vulnerability.

If you are not using Astra Security and have been hacked, follow this step-by-step WordPress malware removal guide to restore your website.

Astra Security Suite – WordPress Security Plugin Can Help Secure Your Site

Astra Security Suite, a WordPress security plugin, is the go-to security suite for your WordPress website. With Astra Security Suite, you don’t have to worry about malware, credit card hacks, SQLi, XSS, SEO spam, comment spam, brute force, and 100+ other types of threats. This means you can get rid of other security plugins and let Astra Security take care of it all.

If you’re a WordPress plugin or theme developer, you can follow this DIY security audit guide to make sure that your plugin has no security loopholes.
