WordPress Plugin Vulnerabilities

Recipe Card Blocks for Gutenberg & Elementor < 3.4.9 - Incorrect Authorization

Description

The Recipe Card Blocks for Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access due to an incorrect capability check on several REST-API endpoints in versions up to, and including, 3.4.8. This makes it possible for unauthenticated attackers to perform unauthorized actions.

Affects Plugins

Plugin icon
recipe-card-blocks-by-wpzoom
Fixed in 3.4.9

References

CVE
CVE-2025-62019
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/bbc7704b-8a28-4daf-8b83-bccc3783c43c

Classification

Type
INCORRECT AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-863
CVSS
7.5 (high)

Miscellaneous

Original Researcher
MD ISMAIL
Verified
No
WPVDB ID
17be4503-7552-4bee-ac80-1f274d938a37

Timeline

Publicly Published
2025-09-11 (about 8 months ago)
Added
2025-11-04 (about 7 months ago)
Last Updated
2025-11-04 (about 7 months ago)

Other

Published
Title
Published
2026-02-10
Title
Page Builder Features < 3.6.0 - Contributor+ Post Publication
Published
2026-06-08
Title
Helpfulcrowd Product Reviews <= 1.2.9 - Unauthenticated Arbitrary Settings Update via Type Juggling
Published
2022-09-29
Title
Accordions < 2.1.0 - Authenticated Arbitrary Options Update
Published
2025-06-16
Title
Poll, Survey & Quiz Maker Plugin by Opinion Stage < 19.10.0 - Incorrect Authorization to Authenticated (Contributor+) Plugin Settings Update
Published
2022-11-21
Title
WPTools < 3.43 - Subscriber+ Arbitrary Plugin Installation