# Exploit Title: wp-recipe-maker Cross Site Scripting
# Google Dork: N/A
# Date: 31/1/2024
# Exploit Author: H4X.Forensics - Diyar
# Vendor Homepage: https://wordpress.org/plugin
# Software Link: https://downloads.wordpress.org/plugin/wp-recipe-maker.zip
# Version: 6.4.2
# Tested on: Windows
# CVE: N/A

Vulnerable Code:

    ?>
    <a href="<?php echo esc_url( $back_link ); ?>" id="wprm-print-button-back" class="wprm-print-button"><?php _e( 'Go Back', 'wp-recipe-maker' );?></a>
    <?php

Exploit:

1. Click wp-recipe-maker.
2. Click create recipe.
3. From the video section, click embed video.
4. Insert this payload: <video src=1 href=1 onerror="javascript:alert(1)"></video>
5. Click save and close.
6. Click the print button.

An alert message will pop up.
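A defender-side check for the stored value described above, as an added example that is not part of the advisory or the plugin's code: it audits saved video-embed strings for inline event handlers, script-capable URLs and unexpected tags. The allow-list, the row layout and the names `audit_embed` and `audit_rows` are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Assumed allow-list for a video embed field (not taken from the plugin).
ALLOWED_TAGS = {"iframe", "video", "source", "track"}
URL_ATTRS = {"src", "href", "poster", "data"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:")

# Constructed sample rows: (recipe id, stored embed value). Row 101 is the
# test string from the advisory above; the others are made up.
SAMPLE_ROWS = [
    (101, '<video src=1 href=1 onerror="javascript:alert(1)"></video>'),
    (102, '<iframe src="https://www.youtube.com/embed/VIDEO_ID" allowfullscreen></iframe>'),
    (103, '<a href="javascript:void(0)">watch</a>'),
]


class EmbedAuditor(HTMLParser):
    """Collects reasons a stored embed value is unsafe to echo unescaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases names and decodes entities in attribute values.
        if tag not in ALLOWED_TAGS:
            self.findings.append(f"tag <{tag}> not in allow-list")
        for name, value in attrs:
            # Drop whitespace/control characters before comparing the scheme.
            compact = "".join(ch for ch in (value or "") if ch > " ").lower()
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS and compact.startswith(SCRIPT_SCHEMES):
                self.findings.append(f"script-capable URL in {name} on <{tag}>")


def audit_embed(value):
    """Return the findings for one embed string; an empty list means clean."""
    auditor = EmbedAuditor()
    auditor.feed(value)
    auditor.close()
    return auditor.findings


def audit_rows(rows):
    """Map recipe id -> findings for every row with at least one finding."""
    return {rid: f for rid, value in rows if (f := audit_embed(value))}
```

Calling `audit_rows(SAMPLE_ROWS)` flags rows 101 and 103 and leaves the plain iframe embed alone; a flagged row still needs the output path to sanitize or escape the value before rendering.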