Vulnerabilities and security researches forrecipe-card-blocks-by-wpzoom recipe-card-blocks-by-wpzoom
Direction: ascendingJun 06, 2024
Recipe Card Blocks for Gutenberg & Elementor – Best WordPress Recipe Plugin # CVE-2021-24632
- CVE, Research URL
- Home page URL
- Date
- Sep 27, 2021
- Research Description
- The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue
- Affected versions
-
max 2.8.3.
- Status
-
vulnerable
Recipe Card Blocks for Gutenberg & Elementor – Best WordPress Recipe Plugin # CVE-2021-24634
- CVE, Research URL
- Home page URL
- Date
- Sep 27, 2021
- Research Description
- The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does not properly sanitise or escape some of the properties of the Recipe Card Block (such as ingredientsLayout, iconSet, steps, ingredients, recipeTitle, or settings), which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
- Affected versions
-
max 2.8.3.
- Status
-
vulnerable
Aug 20, 2024
Recipe Card Blocks for Gutenberg & Elementor – Best WordPress Recipe Plugin # CVE-2024-43293
- CVE, Research URL
- Home page URL
- Date
- Nov 01, 2024
- Research Description
- Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through 3.3.1.
- Affected versions
-
max 3.3.2.
- Status
-
vulnerable
Feb 27, 2025
Recipe Card Blocks for Gutenberg & Elementor – Best WordPress Recipe Plugin # CVE-2025-26983
- CVE, Research URL
- Home page URL
- Date
- Feb 25, 2025
- Research Description
- Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through 3.4.3.
- Affected versions
-
max 3.4.4.
- Status
-
vulnerable
Nov 11, 2025
Recipe Card Blocks for Gutenberg & Elementor – Best WordPress Recipe Plugin # CVE-2025-62019
- CVE, Research URL
- Home page URL
- Date
- Oct 22, 2025
- Research Description
- Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor recipe-card-blocks-by-wpzoom.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through <= 3.4.8.
- Affected versions
-
max 3.4.8.
- Status
-
vulnerable
Jan 28, 2026
Recipe Card Blocks for Gutenberg & Elementor – Best WordPress Recipe Plugin # CVE-2025-14973
- CVE, Research URL
- Home page URL
- Date
- Jan 26, 2026
- Research Description
- The Recipe Card Blocks Lite WordPress plugin before 3.4.13 does not sanitize and escape a parameter before using it in a SQL statement, allowing contributors and above to perform SQL injection attacks.
- Affected versions
-
max 3.4.13.
- Status
-
vulnerable
Jun 10, 2026
Recipe Card Blocks for Gutenberg & Elementor – Best WordPress Recipe Plugin # CVE-2026-3011
- CVE, Research URL
- Home page URL
- Date
- Jun 08, 2026
- Research Description
- The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOM_Helpers::deserialize_block_attributes' method converting unicode-encoded sequences back into HTML characters after sanitization has already been applied. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that execute whenever a user accesses the published post or the print view of an injected recipe.
- Affected versions
-
max 3.4.14.
- Status
-
vulnerable