MEDIUM
wpdelicious
CVE published 2026-07-16
CVE-2026-15099
The Delicious Recipes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'steps' block attribute in versions up to, and including, 1.10.2. This is due to insufficient input sanitization and output escaping in the wrap_direction_text() function. The vulnerability exists because the plugin fails to properly sanitize and escape user-supplied input in the 'steps' block attribute, allowi [truncated]