CVE-2024-3490
📋 TL;DR
The WP Recipe Maker WordPress plugin has a stored cross-site scripting vulnerability that allows authenticated attackers with contributor-level access or higher to inject malicious scripts into website pages. These scripts execute whenever users visit the compromised pages, potentially stealing credentials or performing unauthorized actions. All WordPress sites using WP Recipe Maker version 9.3.1 or earlier are affected.
💻 Affected Systems
- WP Recipe Maker WordPress Plugin
📦 What is this software?
Wp Recipe Maker by Bootstrapped
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, take over the WordPress site, deface pages, redirect users to malicious sites, or install backdoors for persistent access.
Likely Case
Attackers with contributor access inject malicious scripts to steal user session cookies, perform actions as authenticated users, or display phishing content to visitors.
If Mitigated
With proper user role management and input validation, the risk is limited to trusted contributors who would need to intentionally exploit the vulnerability.
🎯 Exploit Status
Exploitation requires authenticated access (contributor role or higher). The vulnerability is in a shortcode handler, making injection straightforward once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.3.2
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3078644/wp-recipe-maker
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find WP Recipe Maker. 4. Click 'Update Now' if available. 5. Alternatively, download version 9.3.2+ from WordPress plugin repository and manually update.
🔧 Temporary Workarounds
Disable Plugin
allTemporarily disable WP Recipe Maker plugin until patched
wp plugin deactivate wp-recipe-maker
Restrict User Roles
allRemove contributor role access or implement stricter role-based access controls
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block XSS payloads in shortcode attributes
- Audit and monitor all users with contributor-level access or higher for suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check WP Recipe Maker plugin version in WordPress admin under Plugins → Installed PluginsCheck Version:
wp plugin get wp-recipe-maker --field=versionVerify Fix Applied:
Confirm plugin version is 9.3.2 or higher and review plugin changelog for security fixes📡 Detection & Monitoring
Log Indicators:
- Unusual shortcode usage in post/page edits
- Multiple failed login attempts followed by successful contributor login
- Posts/pages with unusual wprm-recipe-roundup-item shortcode attributes
Network Indicators:
- Outbound connections to suspicious domains from WordPress site
- Unexpected script tags in HTTP responses containing recipe content
SIEM Query:
source="wordpress.log" AND ("wprm-recipe-roundup-item" OR "wp-recipe-maker") AND ("script" OR "onclick" OR "javascript:")🔗 References
- https://plugins.trac.wordpress.org/changeset/3078644/wp-recipe-maker
- https://www.wordfence.com/threat-intel/vulnerabilities/id/69cc7b6c-b6c2-4bba-afb4-86ba1b36b295?source=cve
- https://plugins.trac.wordpress.org/changeset/3078644/wp-recipe-maker
- https://www.wordfence.com/threat-intel/vulnerabilities/id/69cc7b6c-b6c2-4bba-afb4-86ba1b36b295?source=cve
