Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.3
WP Recipe Maker Plugin Allows Access to Sensitive Recipe Data
CVE-2025-14742
Summary
The WP Recipe Maker plugin for WordPress has a security flaw that allows users with Subscriber-level access or higher to view sensitive recipe information they shouldn't be able to see. This includes draft, pending, and private recipes. To protect your data, update to the latest version of the plugin.
Original title
The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_search_recipes' and 'ajax_get_recipe' functions in all versions ...
Original description
The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_search_recipes' and 'ajax_get_recipe' functions in all versions up to, and including, 10.2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive recipe information including draft, pending, and private recipes that they shouldn't be able to access.
nvd CVSS3.1
4.3
Vulnerability type
CWE-639
Authorization Bypass Through User-Controlled Key
- https://plugins.trac.wordpress.org/browser/wp-recipe-maker/trunk/includes/public...
- https://plugins.trac.wordpress.org/browser/wp-recipe-maker/trunk/includes/public...
- https://plugins.trac.wordpress.org/browser/wp-recipe-maker/trunk/includes/public...
- https://plugins.trac.wordpress.org/browser/wp-recipe-maker/trunk/includes/public...
- https://plugins.trac.wordpress.org/changeset/3440361/wp-recipe-maker/trunk/inclu...
- https://www.wordfence.com/threat-intel/vulnerabilities/id/10c17e74-dced-483e-bca...
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026