[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fM6Qbh7BatZWI0vkXivJmGdrio1lUnqMjWkaK_Qy8-Rk":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2024-7626","wp-delicious-recipe-plugin-for-food-bloggers-formerly-delicious-recipes-improper-path-validation-to-authenticated-subscr","WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) \u003C= 1.6.9 - Improper Path Validation to Authenticated (Subscriber+) Arbitrary File Move and Read","The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in the save_edit_profile_details() function in all versions up to, and including, 1.6.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php). This can also lead to the reading of arbitrary files that may contain sensitive information like wp-config.php.","delicious-recipes",null,"\u003C=1.6.9","1.7.0","high",8.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:N","External Control of File Name or Path","2024-09-10 00:00:00","2024-09-11 07:31:34",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3c98bb53-9f7e-4ab3-9676-e3dbfb4a0519?source=api-prod",1]