Description
Cross-Site Request Forgery (CSRF) vulnerability in Yummly Yummly Rich Recipes yummly-rich-recipes allows Cross Site Request Forgery.This issue affects Yummly Rich Recipes: from n/a through <= 4.2.
Published: 2025-03-24
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Cross‑Site Request Forgery (CSRF) in the Yummly Rich Recipes WordPress plugin allows an attacker to force an authenticated user to submit a request that modifies website content or settings. The vulnerability permits unauthorized requests to be sent with the victim’s cookies, potentially altering recipe data or other plugin‑managed content. It is classified as CWE‑352 and has a CVSS score of 4.3, indicating moderate potential impact.

Affected Systems

All WordPress sites that run the Yummly Rich Recipes plugin version 4.2 or earlier are affected. The issue is present from the oldest available release up to and including 4.2. Addresses are available on WordPress and on third‑party advisory sites; the plugin is maintained by Yummly.

Risk and Exploitability

The EPSS score is below 1 %, and the vulnerability is not listed in the CISA KEV catalog, suggesting a low to moderate exploitation likelihood. The attack would typically be performed through the victim’s browser by sending a crafted URL or form, exploiting the lack of CSRF tokens. As the plugin does not include mitigations for forged requests, an attacker could trigger unintended actions as long as the user remains logged in.

Generated by OpenCVE AI on May 1, 2026 at 04:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Yummly Rich Recipes plugin to a version newer than 4.2 that includes CSRF protection.
  • If an immediate upgrade is not possible, temporarily disable or remove the plugin or its vulnerable endpoints until a patch is applied.
  • Configure a web application firewall or security plugin to block or require CSRF tokens for state‑changing requests.

Generated by OpenCVE AI on May 1, 2026 at 04:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-7976 Cross-Site Request Forgery (CSRF) vulnerability in Yummly Yummly Rich Recipes allows Cross Site Request Forgery. This issue affects Yummly Rich Recipes: from n/a through 4.2.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in Yummly Yummly Rich Recipes allows Cross Site Request Forgery. This issue affects Yummly Rich Recipes: from n/a through 4.2. Cross-Site Request Forgery (CSRF) vulnerability in Yummly Yummly Rich Recipes yummly-rich-recipes allows Cross Site Request Forgery.This issue affects Yummly Rich Recipes: from n/a through <= 4.2.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Mon, 24 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 24 Mar 2025 14:00:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in Yummly Yummly Rich Recipes allows Cross Site Request Forgery. This issue affects Yummly Rich Recipes: from n/a through 4.2.
Title WordPress Yummly Rich Recipes plugin <= 4.2 - Cross Site Request Forgery (CSRF) vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:53.824Z

Reserved: 2025-03-24T12:59:49.933Z

Link: CVE-2025-30549

cve-icon Vulnrichment

Updated: 2025-03-24T14:50:16.790Z

cve-icon NVD

Status : Deferred

Published: 2025-03-24T14:15:23.970

Modified: 2026-04-23T15:26:50.770

Link: CVE-2025-30549

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T04:45:08Z

Weaknesses