CVE-2024-43935: 
WordPress vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability was discovered in the WP Delicious Delicious Recipes – WordPress Recipe Plugin affecting versions through 1.6.7. The vulnerability was reported on July 28, 2024, by Ngô Thiên An (ancorn from VNPT-VCI) and was publicly disclosed on August 26, 2024 ([Patchstack](https://patchstack.com/database/vulnerability/delicious-recipes/wordpress-wp-delicious-recipe-plugin-for-food-bloggers-formerly-delicious-recipes-plugin-1-6-7-cross-site-scripting-xss-vulnerability?s_id=cve)).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) with a CVSS v3.1 base score of 5.4 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) according to NVD's assessment, while Patchstack rates it at 6.5 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L) (NVD).

The vulnerability could allow a malicious actor to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website, which would be executed when guests visit the site (Patchstack).

The vulnerability has been fixed in version 1.6.8 of the plugin. Users are advised to update to version 1.6.8 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).