WP Delicious Recipe Plugin Arbitrary File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

A vulnerability exists in the WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) for WordPress. All versions through 1.9.0 are affected by an arbitrary file upload vulnerability. This issue allows an authenticated user with Contributor-level permissions to upload a malicious PHP file by specifying a remote URL during the recipe import process via CSV. The uploaded file can then be executed, leading to remote code execution on the server.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, with the potential for remote code execution on the server.

Reproduction

To reproduce this vulnerability, an authenticated user with Contributor-level permissions can import recipes using a CSV file. During the import process, the user can provide a remote URL that points to a malicious PHP file. Once the file is uploaded, it can be executed on the server, leading to remote code execution.

Remediation

Users are advised to update the WP Delicious – Recipe Plugin for Food Bloggers to version 1.9.1 or a newer patched version.
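A pre-import check for the CSV vector described above, as an added example that is not part of the advisory or the plugin's code: it flags any remote URL in a CSV cell whose file name carries a PHP-executable extension or falls outside an image allowlist. The column names, both extension lists and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from urllib.parse import urlsplit, unquote

# Assumption: recipe imports should only ever reference image files.
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif", "webp"}
# Assumption: extensions a PHP-enabled web server may hand to the interpreter.
EXECUTABLE_EXT = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}

def classify_url(url):
    """Return a reason string if the URL is unsafe to fetch on import, else None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "malformed URL"
    if parts.scheme not in ("http", "https"):
        return None  # not a remote URL, nothing would be fetched
    # Judge the decoded file name only; query strings do not count.
    name = unquote(parts.path).rsplit("/", 1)[-1].lower().rstrip(". ")
    pieces = name.split(".")
    if len(pieces) < 2:
        return "no file extension"
    if any(p in EXECUTABLE_EXT for p in pieces[1:]):
        return "executable extension in file name"  # also catches x.php.png
    if pieces[-1] not in ALLOWED_EXT:
        return "extension not in image allowlist"
    return None

def audit_csv(text):
    """Return (row_number, column, url, reason) for every suspicious URL cell."""
    findings = []
    for row_no, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        for column, cell in row.items():
            reason = classify_url(cell) if isinstance(cell, str) else None
            if reason:
                findings.append((row_no, column, cell.strip(), reason))
    return findings

# Constructed sample input; the column names are hypothetical.
SAMPLE = """title,featured_image
Pancakes,https://cdn.example.com/pancakes.JPG?w=800
Soup,https://files.example.net/soup.php
Salad,https://files.example.net/salad.php.png
"""

if __name__ == "__main__":
    for finding in audit_csv(SAMPLE):
        print(finding)
```

The check screens CSV files before they reach the importer; the fix for the vulnerability itself remains the update to 1.9.1 or later.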

Added: Nov 1, 2025, 7:21 AM
Updated: Nov 1, 2025, 7:21 AM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 10.0
exploitability: 6.4
remediation: 7.7
relevance: 0.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.