Cooked Pro < 1.7.5.6 - Unauthenticated Reflected Cross Site Scripting (XSS)

Description

The plugin was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute.

Proof of Concept

https://cooked.pro/demo/trial/5snjx6louabhdpg/profile/?t8osi%22%3e%3cscript%3ealert(1)%3c%2fscript%3edr7ag=1