{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13667", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-11-25T16:38:36.070Z", "datePublished": "2026-01-07T09:20:52.180Z", "dateUpdated": "2026-04-08T16:36:29.657Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:36:29.657Z"}, "affected": [{"vendor": "tomiup", "product": "WP Recipe Manager", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP Recipe Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Skill Level' input field in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "WP Recipe Manager <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Skill Level' Input Field", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/12b14418-28f0-4786-b8f8-a637fe007b6c?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-recipe-manager/trunk/inc/libs/class.metaboxes.php#L203"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-recipe-manager/tags/1.0.0/inc/libs/class.metaboxes.php#L203"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Camilla Flocco"}], "timeline": [{"time": "2026-01-06T20:28:14.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-07T16:09:56.180857Z", "id": "CVE-2025-13667", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-07T16:10:04.097Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13667", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-07T16:09:56.180857Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-07T16:09:59.676Z"}}], "cna": {"title": "WP Recipe Manager <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Skill Level' Input Field", "credits": [{"lang": "en", "type": "finder", "value": "Camilla Flocco"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "tomiup", "product": "WP Recipe Manager", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-01-06T20:28:14.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/12b14418-28f0-4786-b8f8-a637fe007b6c?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-recipe-manager/trunk/inc/libs/class.metaboxes.php#L203"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-recipe-manager/tags/1.0.0/inc/libs/class.metaboxes.php#L203"}], "descriptions": [{"lang": "en", "value": "The WP Recipe Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Skill Level' input field in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:36:29.657Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13667", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:36:29.657Z", "dateReserved": "2025-11-25T16:38:36.070Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-01-07T09:20:52.180Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Recipe Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Skill Level' input field in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El plugin WP Recipe Manager para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del campo de entrada 'Nivel de Habilidad' en todas las versiones hasta la 1.0.0, inclusive, debido a la sanitizaci\u00f3n de entrada y el escape de salida insuficientes en atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel Colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."}], "id": "CVE-2025-13667", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-01-07T12:16:49.547", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-recipe-manager/tags/1.0.0/inc/libs/class.metaboxes.php#L203"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-recipe-manager/trunk/inc/libs/class.metaboxes.php#L203"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/12b14418-28f0-4786-b8f8-a637fe007b6c?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T15:48:45.568683+00:00", "value": {"mitigation_remediation": ["Upgrade WP Recipe Manager to the latest released version that includes the XSS fix. ", "Revoke Contributor or higher roles from users that do not require them, limiting the pool of potential attackers. ", "Remove or sanitize existing Skill Level entries to eliminate any injected scripts before users view the recipes."], "summary": {"action": "Patch Now", "impact": "Stored Cross\u2011Site Scripting via the Skill Level field"}, "threat_synthesis": {"affected_systems": "WordPress sites running the WP Recipe Manager plugin version 1.0.0 or earlier. The plugin is distributed under the tomiup:WP Recipe Manager CNA and the vulnerability is present in all releases up to 1.0.0 for any deployment, regardless of WordPress version.", "description_and_impact": "In WP Recipe Manager up to and including version 1.0.0, the Skill Level input field does not sanitize or escape user supplied data. This allows a logged\u2011in user with Contributor privileges or higher to store malicious JavaScript that is then rendered in recipe pages. When another user opens a recipe page containing the injected script, the code executes in the victim\u2019s browser, potentially leaking session cookies, defacing the site, or performing other client\u2011side attacks. The flaw is a classic stored XSS (CWE\u201179) that depends on authenticating to the site and creating or editing a recipe entry.", "risk_and_exploitability": "The CVSS v3.1 score of 6.4 classifies the vulnerability as medium\u2011to\u2011high severity. The EPSS score of less than 1% indicates a very low probability of exploitation in the wild at present. The flaw is not listed in the CISA KEV catalog. Exploitation requires an authenticated session with Contributor level or higher, and the attacker must create or edit a recipe to inject the payload. Once injected, the script runs automatically for any site visitor who views the affected recipe page."}}}}, "created": "2026-01-08T09:49:17.839171+00:00", "updated": "2026-04-22T16:00:12.093278+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}