{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T07:24:49.323","vulnerabilities":[{"cve":{"id":"CVE-2024-39310","sourceIdentifier":"security-advisories@github.com","published":"2024-07-01T22:15:03.483","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Basil recipe theme for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `post_title` parameter in versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses a compromised page. Because the of the default WordPress validation, it is not possible to insert the payload directly but if the Cooked plugin is installed, it is possible to create a recipe post type (cp_recipe) and inject the payload in the title field. Version 2.0.5 contains a patch for the issue."},{"lang":"es","value":"El tema Basil recipe para WordPress es vulnerable a Cross-Site Scripting (XSS) a través del parámetro `post_title` en versiones hasta la 2.0.4 incluida debido a una sanitización de entrada y un escape de salida insuficientes. Esta vulnerabilidad permite a atacantes autenticados con acceso de nivel de colaborador y superior inyectar scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página comprometida. Debido a la validación predeterminada de WordPress, no es posible insertar la carga útil directamente, pero si el complemento Cooked está instalado, es posible crear un tipo de publicación de receta (cp_recipe) e inyectar el payload en el campo del título. La versión 2.0.5 contiene un parche para el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/XjSv/Basil/commit/e2b1dbf1637d1ec2663f9aa1a563b02dc76a8146","source":"security-advisories@github.com"},{"url":"https://github.com/XjSv/Basil/security/advisories/GHSA-cr7v-8v2h-49vx","source":"security-advisories@github.com"},{"url":"https://github.com/XjSv/Basil/commit/e2b1dbf1637d1ec2663f9aa1a563b02dc76a8146","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/XjSv/Basil/security/advisories/GHSA-cr7v-8v2h-49vx","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}