Description
Cross-Site Request Forgery (CSRF) vulnerability in Edamam SEO, Nutrition and Print for Recipes by Edamam (seo-nutrition-and-print-for-recipes-by-edamam) allows Stored XSS. This issue affects SEO, Nutrition and Print for Recipes by Edamam: from n/a through <= 3.3.
Published: 2025-04-09
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stored cross-site scripting flaw triggered by a cross-site request forgery in the Edamam SEO, Nutrition and Print for Recipes plugin. An attacker can submit a forged request that causes the plugin to permanently store malicious JavaScript. When other users load the affected content, the script runs in their browsers, enabling session hijacking, credential theft or site defacement. The flaw is classified under CWE-352 (Cross-Site Request Forgery) and compromises the confidentiality, integrity and availability of the site.

Affected Systems

All installations of the Edamam SEO, Nutrition and Print for Recipes plugin by Edamam up to and including version 3.3 are affected. This includes WordPress sites that have not upgraded beyond that version.

Risk and Exploitability

The CVSS score of 7.1 indicates high severity. The EPSS score of less than 1 percent suggests a low probability of exploitation in the near term, and the issue is not listed in CISA KEV. The attack vector is cross‑site request forgery, meaning an attacker can trick a legitimate user’s browser into sending the forged request, which then creates a stored XSS payload visible to all site visitors.

Generated by OpenCVE AI on April 30, 2026 at 23:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Edamam SEO, Nutrition and Print for Recipes plugin to the latest version that removes the CSRF vulnerability.
  • If an update is not possible, disable or uninstall the plugin until a fix is available.
  • Apply a CSRF protection mechanism such as a nonce or token validation for all forms and actions that the plugin handles.
  • Monitor site activity and error logs for signs of script injection or unusual requests.



Advisories
Source: EUVD
ID: EUVD-2025-10601
Title: Cross-Site Request Forgery (CSRF) vulnerability in Edamam SEO, Nutrition and Print for Recipes by Edamam allows Stored XSS. This issue affects SEO, Nutrition and Print for Recipes by Edamam: from n/a through 3.3.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Cross-Site Request Forgery (CSRF) vulnerability in Edamam SEO, Nutrition and Print for Recipes by Edamam allows Stored XSS. This issue affects SEO, Nutrition and Print for Recipes by Edamam: from n/a through 3.3.
Values Added: Cross-Site Request Forgery (CSRF) vulnerability in Edamam SEO, Nutrition and Print for Recipes by Edamam seo-nutrition-and-print-for-recipes-by-edamam allows Stored XSS.This issue affects SEO, Nutrition and Print for Recipes by Edamam: from n/a through <= 3.3.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 09 Apr 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 09 Apr 2025 16:30:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in Edamam SEO, Nutrition and Print for Recipes by Edamam allows Stored XSS. This issue affects SEO, Nutrition and Print for Recipes by Edamam: from n/a through 3.3.
Title WordPress SEO, Nutrition and Print for Recipes by Edamam plugin <= 3.3 - CSRF to Cross-Site Scripting vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:24.000Z

Reserved: 2025-04-09T11:19:56.432Z

Link: CVE-2025-32555

Vulnrichment

Updated: 2025-04-09T17:41:21.593Z

NVD

Status: Deferred

Published: 2025-04-09T17:15:45.317

Modified: 2026-04-23T15:29:05.877

Link: CVE-2025-32555

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T00:00:05Z

Weaknesses