2026-02-25 09:26:50
Wordfence
PUBLISHED
The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax_search_recipes and ajax_get_recipe functions in all versions up to, and including, 10.2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive recipe information including draft, pending, and private recipes that they shouldnt be able to access.