CVE-2026-3011 – Recipe Card Blocks Lite

CVE ID :CVE-2026-3011

Published : June 8, 2026, 12:16 p.m. | 16 minutes ago

Description :The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block’s ‘summary’ and ‘notes’ attributes in all versions up to, and including, 3.4.13. This is due to the ‘WPZOOM_Helpers::deserialize_block_attributes’ method converting unicode-encoded sequences back into HTML characters after sanitization has already been applied. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that execute whenever a user accesses the published post or the print view of an injected recipe.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-11521 – Mohammed-eid35 bank-management-system-springboot Transaction Endpoint TransactionController.java improper authorization

CVE-2026-43973 – gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion

CVE-2026-43972 – gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection

CVE-2026-43974 – gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM