WordPress Plugin Vulnerabilities

Recipe Card Blocks < 2.8.1 - Reflected Cross-Site Scripting

Description

The plugin does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue

Proof of Concept

Affects Plugins

Plugin icon
recipe-card-blocks-by-wpzoom
Fixed in 2.8.1

References

CVE
CVE-2021-24632

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
WPVDB ID
55cd6d5e-92c1-407a-8c0f-f89d415ebb66

Timeline

Publicly Published
2021-08-24 (about 4 years ago)
Added
2021-08-24 (about 4 years ago)
Last Updated
2022-04-09 (about 3 years ago)

Other

Published
Title
Published
2025-04-04
Title
Video Playlist For YouTube <= 6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-02-12
Title
Ultimate Reviews < 3.2.9 - Unauthenticated stored Cross-Site Scripting via reviews
Published
2024-10-29
Title
Widget or Sidebar Shortcode <= 0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2023-04-13
Title
Coupon Affiliates < 5.4.6 - Reflected XSS
Published
2025-03-31
Title
Custom Content Scrollbar <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting