3 matches found
CVE-2021-24634
The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does not properly sanitise or escape some of the properties of the Recipe Card Block such as ingredientsLayout, iconSet, steps, ingredients, recipeTitle, or settings, which could allow users with a role as low as contributor to perfor...
CVE-2021-24634 Recipe Card Blocks < 2.8.3 - Contributor+ Stored Cross-Site Scripting
The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does not properly sanitise or escape some of the properties of the Recipe Card Block such as ingredientsLayout, iconSet, steps, ingredients, recipeTitle, or settings, which could allow users with a role as low as contributor to perfor...
CVE-2021-24634
WPZOOM’s Recipe Card Blocks (Gutenberg/Elementor) for WordPress before 2.8.3 is vulnerable to Stored XSS due to insufficient sanitization/escaping of several properties (e.g., ingredientsLayout, iconSet, steps, ingredients, recipeTitle, settings). Exploitation requires at least a contributor+ rol...