Recipe Card Blocks Lite Security & Risk Analysis

wordpress.org/plugins/recipe-card-blocks-by-wpzoom

Recipe Card Blocks with Schema Markup — create SEO-optimized recipes with Gutenberg, Elementor & AMP support

10K active installs v3.4.14 PHP 7.4+ WP 6.0+ Updated Feb 26, 2026
recipe, recipe-card, recipe-maker, recipes, schema
Score 92 · A · Safe
CVEs total: 6
Unpatched: 0
Last CVE: Jan 27, 2026
Safety Verdict

Is Recipe Card Blocks Lite Safe to Use in 2026?

Generally Safe

Score 92/100

Recipe Card Blocks Lite has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Jan 27, 2026 · Updated 1mo ago
Risk Assessment

The plugin "recipe-card-blocks-by-wpzoom" v3.4.14 exhibits a mixed security posture. While the static analysis reveals several good practices, such as 100% of SQL queries using prepared statements and a high percentage of properly escaped output, there are notable concerns. The presence of two AJAX handlers without authentication checks represents a direct attack vector. The use of the `unserialize` function, even if not exploited in the provided taint analysis, is inherently risky and can lead to deserialization vulnerabilities if not handled with extreme care.

The vulnerability history is a significant concern. With a total of six known CVEs, including one high and five medium severity vulnerabilities, this plugin has a track record of security flaws. The common vulnerability types listed, such as SQL Injection and Authorization issues, are serious and have historically impacted the plugin. While there are currently no unpatched vulnerabilities, the recurrence of these issues suggests potential systemic weaknesses that could be re-introduced in future updates or remain exploitable if older versions are used.

In conclusion, while the code exhibits some modern security practices, the high number of past vulnerabilities and the presence of unprotected entry points are significant red flags. The risk is elevated due to the historical pattern of critical security flaws. Users should be cautious and ensure they are always running the latest patched version, though the past history warrants a thorough review of its current security posture.

Key Concerns

  • Unprotected AJAX handlers
  • Use of unserialize function
  • 1 High severity historical CVE
  • 5 Medium severity historical CVEs
  • Authorization bypass history
  • SQL injection history
  • XSS history
Vulnerabilities: 6

Recipe Card Blocks Lite Security Vulnerabilities

CVEs by Year

2021: 2 CVEs
2024: 1 CVE
2025: 2 CVEs
2026: 1 CVE

Severity Breakdown

High: 1
Medium: 5

6 total CVEs

CVE-2025-14973 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Recipe Card Blocks for Gutenberg & Elementor < 3.4.13 - Authenticated (Contributor+) SQL Injection

Jan 27, 2026 · Patched in 3.4.13 (1d)

CVE-2025-62019 · high · 7.5 · Incorrect Authorization

Recipe Card Blocks for Gutenberg & Elementor <= 3.4.8 - Incorrect Authorization

Sep 11, 2025 · Patched in 3.4.9 (55d)

CVE-2025-26983 · medium · 4.3 · Authorization Bypass Through User-Controlled Key

Recipe Card Blocks for Gutenberg & Elementor <= 3.4.3 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Disclosure

Feb 23, 2025 · Patched in 3.4.4 (9d)

CVE-2024-43293 · medium · 5.4 · Missing Authorization

Recipe Card Blocks for Gutenberg & Elementor <= 3.3.1 - Missing Authorization

Aug 16, 2024 · Patched in 3.3.2 (4d)

CVE-2021-24634 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Recipe Card Blocks by WPZOOM <= 2.8.2 - Authenticated Stored Cross-Site Scripting

Aug 24, 2021 · Patched in 2.8.3 (882d)

CVE-2021-24632 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Recipe Card Blocks by WPZOOM <= 2.8.0 - Reflected Cross-Site Scripting

Aug 24, 2021 · Patched in 2.8.1 (882d)

Code Analysis
Analyzed Mar 16, 2026

Recipe Card Blocks Lite Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 42 (504 escaped)
Nonce Checks: 9
Capability Checks: 12
File Operations: 2
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

unserialize · $recipe_ingredients = isset( $recipe_data['wprm_ingredients'][0] ) ? unserialize( $recipe_data['wprm… · src\classes\import\class-wpzoom-import-wprm.php:474
unserialize · $recipe_steps = isset( $recipe_data['wprm_instructions'][0] ) ? unserialize( $recipe_data['wprm_inst… · src\classes\import\class-wpzoom-import-wprm.php:580
unserialize · $recipe_equipment = isset( $recipe_data['wprm_equipment'][0] ) ? unserialize( $recipe_data['wprm_equ… · src\classes\import\class-wpzoom-import-wprm.php:632

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

92% escaped · 546 total outputs

Data Flows: All sanitized

Data Flow Analysis

1 flow
<class-wpzoom-custom-post> (src\classes\class-wpzoom-custom-post.php:0)
Attack Surface: 2 unprotected

Recipe Card Blocks Lite Attack Surface

Entry Points: 16
Unprotected: 2

AJAX Handlers 11

auth wp_ajax_rcb_dismiss_bf_banner src\classes\class-wpzoom-marketing-banner.php:26
auth wp_ajax_wpzoom_search_recipes src\classes\class-wpzoom-recipe-scanner.php:53
auth wp_ajax_wpzoom_search_recipes_box_close src\classes\class-wpzoom-recipe-scanner.php:54
auth wp_ajax_rcb_dismiss_recipes_page_notice src\classes\class-wpzoom-recipes-page-notice.php:34
auth wp_ajax_wpzoom_reset_settings src\classes\class-wpzoom-settings.php:81
auth wp_ajax_wpzoom_welcome_banner_close src\classes\class-wpzoom-settings.php:82
auth wp_ajax_get_user_info_ai_credits src\classes\class-wpzoom-settings.php:236
auth wp_ajax_logout_user_ai_credits src\classes\class-wpzoom-settings.php:237
auth wp_ajax_refresh_ai_credits src\classes\class-wpzoom-settings.php:238
auth wp_ajax_wpzoom_scan_recipes src\classes\import\class-wpzoom-import-wprm.php:59
auth wp_ajax_wpzoom_import_recipes src\classes\import\class-wpzoom-import-wprm.php:60

REST API Routes 4

POST /wp-json/wpzoomRCB/v1/saveGeneratedImage src\classes\class-wpzoom-settings.php:103
POST /wp-json/wpzoomRCB/v1/updateCredits src\classes\class-wpzoom-settings.php:111
GET /wp-json/wpzoomRCB/v1/getCredits src\classes\class-wpzoom-settings.php:119
GET /wp-json/wpzoomRCB/v1/getLicenseData src\classes\class-wpzoom-settings.php:127

Shortcodes 1

[wpzoom_rcb_post] src\classes\class-wpzoom-recipe-shortcode.php:49
WordPress Hooks 76

action elementor/init elementor\wpzoom-elementor-recipe-card.php:49
action elementor/elements/categories_registered elementor\wpzoom-elementor-recipe-card.php:66
action elementor/widgets/register elementor\wpzoom-elementor-recipe-card.php:67
action elementor/controls/register elementor\wpzoom-elementor-recipe-card.php:68
action elementor/editor/before_enqueue_scripts elementor\wpzoom-elementor-recipe-card.php:70
filter elementor/icons_manager/additional_tabs elementor\wpzoom-elementor-recipe-card.php:73
action admin_enqueue_scripts src\classes\class-wpzoom-admin-license.php:16
action wpzoom_rcb_admin_license src\classes\class-wpzoom-admin-license.php:18
action admin_menu src\classes\class-wpzoom-admin-menu.php:25
action in_admin_header src\classes\class-wpzoom-admin-pointer.php:25
action admin_init src\classes\class-wpzoom-admin-pointer.php:26
action init src\classes\class-wpzoom-assets-manager.php:63
action enqueue_block_assets src\classes\class-wpzoom-assets-manager.php:65
action enqueue_block_assets src\classes\class-wpzoom-assets-manager.php:66
action enqueue_block_assets src\classes\class-wpzoom-assets-manager.php:67
action enqueue_block_assets src\classes\class-wpzoom-assets-manager.php:68
action enqueue_block_editor_assets src\classes\class-wpzoom-assets-manager.php:70
action enqueue_block_editor_assets src\classes\class-wpzoom-assets-manager.php:71
action enqueue_block_editor_assets src\classes\class-wpzoom-assets-manager.php:72
action amp_post_template_css src\classes\class-wpzoom-assets-manager.php:74
action init src\classes\class-wpzoom-custom-post.php:60
action admin_menu src\classes\class-wpzoom-custom-post.php:61
filter parent_file src\classes\class-wpzoom-custom-post.php:62
action add_meta_boxes src\classes\class-wpzoom-custom-post.php:64
action save_post src\classes\class-wpzoom-custom-post.php:65
filter allowed_block_types src\classes\class-wpzoom-custom-post.php:68
filter allowed_block_types_all src\classes\class-wpzoom-custom-post.php:70
filter default_content src\classes\class-wpzoom-custom-post.php:72
action admin_footer src\classes\class-wpzoom-custom-post.php:74
action admin_enqueue_scripts src\classes\class-wpzoom-custom-post.php:75
filter manage_wpzoom_rcb_posts_columns src\classes\class-wpzoom-custom-post.php:78
action manage_wpzoom_rcb_posts_custom_column src\classes\class-wpzoom-custom-post.php:79
action template_redirect src\classes\class-wpzoom-custom-post.php:81
filter post_row_actions src\classes\class-wpzoom-custom-post.php:82
action enqueue_block_editor_assets src\classes\class-wpzoom-custom-post.php:84
action elementor/preview/enqueue_styles src\classes\class-wpzoom-elementor.php:41
action elementor/frontend/widget/before_render src\classes\class-wpzoom-elementor.php:42
filter wpzoom/recipe_card/print_button/attributes src\classes\class-wpzoom-elementor.php:43
filter jetpack_lazy_images_blacklisted_classes src\classes\class-wpzoom-helpers.php:284
action wpzoom_rcb_admin_page src\classes\class-wpzoom-lite-vs-pro.php:29
action admin_enqueue_scripts src\classes\class-wpzoom-lite-vs-pro.php:32
action admin_notices src\classes\class-wpzoom-marketing-banner.php:23
filter plugin_row_meta src\classes\class-wpzoom-plugin-activator.php:33
action admin_notices src\classes\class-wpzoom-plugin-loader.php:32
action network_admin_notices src\classes\class-wpzoom-plugin-loader.php:33
action init src\classes\class-wpzoom-print.php:14
filter do_rocket_lazyload src\classes\class-wpzoom-print.php:57
filter block_categories src\classes\class-wpzoom-recipe-card-block-gutenberg.php:50
filter block_categories_all src\classes\class-wpzoom-recipe-card-block-gutenberg.php:52
filter image_size_names_choose src\classes\class-wpzoom-recipe-card-block-gutenberg.php:54
action after_setup_theme src\classes\class-wpzoom-recipe-card-block-gutenberg.php:56
action init src\classes\class-wpzoom-recipe-card-block-gutenberg.php:57
action init src\classes\class-wpzoom-recipe-card-block-gutenberg.php:58
action admin_bar_menu src\classes\class-wpzoom-recipe-edit-link.php:52
filter post_row_actions src\classes\class-wpzoom-recipe-edit-link.php:53
filter page_row_actions src\classes\class-wpzoom-recipe-edit-link.php:54
action save_post src\classes\class-wpzoom-recipe-post-saver.php:50
action save_post src\classes\class-wpzoom-recipe-post-saver.php:51
action save_post src\classes\class-wpzoom-recipe-post-saver.php:52
action save_post src\classes\class-wpzoom-recipe-post-saver.php:215
action save_post src\classes\class-wpzoom-recipe-post-saver.php:295
action admin_enqueue_scripts src\classes\class-wpzoom-recipe-scanner.php:52
action admin_notices src\classes\class-wpzoom-recipes-page-notice.php:31
action admin_init src\classes\class-wpzoom-reusable-blocks-extended.php:23
action admin_init src\classes\class-wpzoom-settings.php:74
action admin_init src\classes\class-wpzoom-settings.php:75
action admin_enqueue_scripts src\classes\class-wpzoom-settings.php:78
action wpzoom_rcb_admin_page src\classes\class-wpzoom-settings.php:86
action wpzoom_rcb_welcome_banner src\classes\class-wpzoom-settings.php:89
action rest_api_init src\classes\class-wpzoom-settings.php:96
action admin_menu src\classes\import\class-wpzoom-import-manager.php:51
action admin_notices src\classes\import\class-wpzoom-import-manager.php:52
filter the_content src\structured-data-blocks\class-wpzoom-recipe-card-block.php:314
action admin_init wpzoom-recipe-card.php:40
action init wpzoom-recipe-card.php:55
filter tasty_links_enabled_rendered_blocks wpzoom-recipe-card.php:73
Maintenance & Trust

Recipe Card Blocks Lite Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 26, 2026
PHP min version: 7.4
Downloads: 528K

Community Trust

Rating: 96/100
Number of ratings: 20
Active installs: 10K
Developer Profile

Recipe Card Blocks Lite Developer Profile

WPZOOM

24 plugins · 337K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 102 days
Detection Fingerprints

How We Detect Recipe Card Blocks Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/recipe-card-blocks-by-wpzoom/elementor/assets/js/vendors/image-picker/image-picker.css
/wp-content/plugins/recipe-card-blocks-by-wpzoom/elementor/assets/js/vendors/image-picker/image-picker.min.js
/wp-content/plugins/recipe-card-blocks-by-wpzoom/elementor/assets/js/image-picker-control.js
/wp-content/plugins/recipe-card-blocks-by-wpzoom/elementor/assets/css/tagsinput.css
/wp-content/plugins/recipe-card-blocks-by-wpzoom/elementor/assets/js/tagsinput.js
/wp-content/plugins/recipe-card-blocks-by-wpzoom/elementor/assets/js/tagsinput-control.js
Script Paths
/wp-content/plugins/recipe-card-blocks-by-wpzoom/elementor/assets/js/vendors/image-picker/image-picker.min.js
/wp-content/plugins/recipe-card-blocks-by-wpzoom/elementor/assets/js/image-picker-control.js
/wp-content/plugins/recipe-card-blocks-by-wpzoom/elementor/assets/js/tagsinput.js
/wp-content/plugins/recipe-card-blocks-by-wpzoom/elementor/assets/js/tagsinput-control.js
Version Parameters
wpzoom-image-picker, wpzoom-image-picker-control, wpzoom-tagfield, wpzoom-tagsinput-control

HTML / DOM Fingerprints

CSS Classes
wpzoom-image-picker, elementor-control-tag-area
Data Attributes
data-img-label, data-img-src
JS Globals
WPZOOM_RCB_VERSION
FAQ

Frequently Asked Questions about Recipe Card Blocks Lite