PT-2026-4726 · WordPress · Recipe Card Blocks Lite
Purachai Phonwisut
·
Published
2026-01-26
·
Updated
2026-01-26
·
CVE-2025-14973
CVSS v3.1
6.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Recipe Card Blocks Lite WordPress plugin versions prior to 3.4.13
Description
The Recipe Card Blocks Lite WordPress plugin does not properly sanitize and escape a parameter before using it in a SQL statement. This allows users with contributor privileges or higher to potentially execute SQL injection attacks. The
parameter used in the SQL statement is not properly handled, creating a risk for malicious code execution.Recommendations
Update the Recipe Card Blocks Lite WordPress plugin to version 3.4.13 or later.
Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Recipe Card Blocks Lite