Recipe Cards For Your Food Blog from Zip Recipes Security & Risk Analysis

wordpress.org/plugins/zip-recipes

Zip Recipes is the best way to easily create a beautiful food blog with professional looking recipes that can be found by Google.

1K active installs · v8.2.6 · PHP 7.2+ · WP 4.8+ · Updated May 3, 2024
Tags: food, recipe, recipe-card, schema-org, seo
Score: 90 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Dec 29, 2023

Safety Verdict

Is Recipe Cards For Your Food Blog from Zip Recipes Safe to Use in 2026?

Generally Safe

Score 90/100

Recipe Cards For Your Food Blog from Zip Recipes has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Dec 29, 2023 · Updated 1yr ago

Risk Assessment

The zip-recipes plugin, version 8.2.6, exhibits a mixed security posture. While it incorporates a reasonable number of nonce and capability checks (16 and 39 respectively) and a majority of its SQL queries utilize prepared statements (72%), significant concerns arise from its substantial attack surface, particularly the 10 unprotected AJAX handlers. The taint analysis also reveals a critical flow with unsanitized paths, indicating a potential for serious security breaches like directory traversal or arbitrary file read vulnerabilities. This is exacerbated by the plugin's history of 4 known CVEs, including a high-severity SQL injection vulnerability, and past issues with CSRF and XSS. Although there are no currently unpatched CVEs, the recurring nature of past vulnerabilities suggests a persistent tendency for insecure coding practices that could be re-introduced in future updates. The plugin demonstrates a concerning imbalance between its protective measures and its exposure to attack vectors. The high number of unprotected entry points combined with a critical taint flow and historical vulnerability patterns point to a need for significant improvement in secure development practices to mitigate the risk of exploitation.

Key Concerns

  • 10 AJAX handlers without auth checks
  • Critical severity taint flow with unsanitized paths
  • Vulnerability history: 1 high severity CVE
  • Vulnerability history: 3 medium severity CVEs
  • Output escaping: only 61% properly escaped
  • Bundled Freemius v1.0 library (potential for outdatedness)

Vulnerabilities: 4

Recipe Cards For Your Food Blog from Zip Recipes Security Vulnerabilities

CVEs by Year

2023: 4 CVEs

Severity Breakdown

High: 1
Medium: 3

4 total CVEs

CVE-2023-52180 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Recipe Maker For Your Food Blog from Zip Recipes <= 8.1.0 - Authenticated (Contributor+) SQL Injection

Dec 29, 2023 · Patched in 8.1.1 (25d)

WF-727a0649-082f-46d0-8d6f-de53ee7fb18e-zip-recipes · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Zip Recipes <= 8.0.7 - Cross-Site Request Forgery

Jun 15, 2023 · Patched in 8.0.8 (222d)

CVE-2023-35089 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Recipe Maker For Your Food Blog from Zip Recipes <= 8.0.7 - Cross-Site Request Forgery

Jun 15, 2023 · Patched in 8.0.8 (222d)

CVE-2023-31076 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Zip Recipes <= 8.0.6 - Reflected Cross-Site Scripting via 's' parameter

Apr 24, 2023 · Patched in 8.0.7 (274d)

Code Analysis
Analyzed Mar 16, 2026

Recipe Cards For Your Food Blog from Zip Recipes Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 7 (18 prepared)
  • Unescaped Output: 239 (373 escaped)
  • Nonce Checks: 16
  • Capability Checks: 39
  • File Operations: 9
  • External Requests: 6
  • Bundled Libraries: 2

Bundled Libraries

Freemius 1.0, TinyMCE

SQL Query Safety

72% prepared · 25 total queries

Output Escaping

61% escaped · 612 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

7 flows · 2 with unsanitized paths
search_box (RecipeTable\class-recipe-table.php:94)

Attack Surface: 10 unprotected

Recipe Cards For Your Food Blog from Zip Recipes Attack Surface

Entry Points: 16
Unprotected: 10

AJAX Handlers 12

auth · wp_ajax_zrdn_dismiss_review_notice · class-review.php:20
auth · wp_ajax_zrdn_save_template · class.ziprecipes.php:72
nopriv · wp_ajax_zrdn_grid_load_more · plugins\RecipeGrid2\RecipeGrid2.php:34
auth · wp_ajax_zrdn_grid_load_more · plugins\RecipeGrid2\RecipeGrid2.php:35
auth · wp_ajax_zrdn_clear_image · RecipeTable\RecipeMenu.php:54
auth · wp_ajax_zrdn_update_recipe_from_popup · RecipeTable\RecipeMenu.php:81
auth · wp_ajax_zrdn_delete_recipe · RecipeTable\RecipeMenu.php:141
auth · wp_ajax_zrdn_unlink_recipe · RecipeTable\RecipeMenu.php:167
auth · wp_ajax_zrdn_get_embed_code · RecipeTable\RecipeMenu.php:193
auth · wp_ajax_zrdn_update_recipe_image · RecipeTable\RecipeMenu.php:219
auth · wp_ajax_zrdn_dismiss_sharing_notice · sharing\class-recipe-sharing-admin.php:23
auth · wp_ajax_zrdn_cancel_tour · shepherd\tour.php:24

Shortcodes 4

[zrdn-recipe] class.ziprecipes.php:93
[zrdn-nutrition-label] NutritionLabel\class-shortcode.php:15
[zrdn-grid] plugins\RecipeGrid2\RecipeGrid2.php:23
[ziprecipes] plugins\RecipeGrid2\RecipeGrid2.php:26

WordPress Hooks 86

action · zrdn_register_translation · class-field.php:21
action · zrdn_before_label · class-field.php:23
action · zrdn_before_label · class-field.php:24
action · zrdn_after_label · class-field.php:25
action · zrdn_after_field · class-field.php:26
filter · zrdn_load_field_value · class-field.php:27
action · admin_notices · class-review.php:22
action · admin_print_footer_scripts · class-review.php:23
action · admin_init · class-review.php:31
action · plugins_loaded · class.ziprecipes.php:47
action · plugins_loaded · class.ziprecipes.php:48
action · plugins_loaded · class.ziprecipes.php:49
action · admin_head · class.ziprecipes.php:54
action · admin_init · class.ziprecipes.php:55
action · admin_bar_menu · class.ziprecipes.php:56
filter · the_content · class.ziprecipes.php:62
action · admin_enqueue_scripts · class.ziprecipes.php:63
action · admin_footer · class.ziprecipes.php:64
filter · amp_post_template_metadata · class.ziprecipes.php:65
action · amp_post_template_css · class.ziprecipes.php:66
action · admin_notices · class.ziprecipes.php:68
action · the_content · class.ziprecipes.php:69
action · init · class.ziprecipes.php:71
action · init · class.ziprecipes.php:74
action · init · class.ziprecipes.php:75
action · wp_enqueue_scripts · class.ziprecipes.php:77
action · zrdn_enqueue_scripts · class.ziprecipes.php:78
action · zrdn_update_option · class.ziprecipes.php:79
action · zrdn_after_update_options · class.ziprecipes.php:81
action · zrdn_load_recipe · class.ziprecipes.php:83
filter · zrdn_update_option · class.ziprecipes.php:90
filter · zrdn_tabs · class.ziprecipes.php:95
action · admin_init · class.ziprecipes.php:96
action · zrdn_update_option · class.ziprecipes.php:98
filter · mce_external_plugins · class.ziprecipes.php:394
filter · mce_buttons · class.ziprecipes.php:395
action · rest_api_init · controllers\EndpointController.php:44
action · plugins_loaded · cron\cron.php:7
filter · cron_schedules · cron\cron.php:12
action · admin_enqueue_scripts · grid\grid-enqueue.php:4
action · admin_enqueue_scripts · grid\grid-enqueue.php:28
action · admin_init · models\Recipe.php:11
filter · zrdn__nutrition_get_label · NutritionLabel\NutritionLabel.php:50
action · zrdn_recipe_block_nutrition_label · NutritionLabel\NutritionLabel.php:61
action · widgets_init · NutritionLabel\widget.php:87
filter · zrdn_grid_items · plugins\base.php:19
filter · zrdn_edit_nutrition_fields · plugins\base.php:33
action · rest_api_init · plugins\RecipeGrid2\api.php:28
action · zrdn_enqueue_scripts · plugins\RecipeGrid2\RecipeGrid2.php:27
action · admin_init · plugins\RecipeGrid2\RecipeGrid2.php:29
action · admin_enqueue_scripts · plugins\RecipeGrid2\RecipeGrid2.php:30
action · enqueue_block_assets · plugins\RecipeGrid2\RecipeGrid2.php:33
action · post_updated · plugins\RecipeGrid2\RecipeGrid2.php:36
action · save_post · plugins\RecipeGrid2\RecipeGrid2.php:37
action · post_updated · plugins\RecipeGrid2\RecipeGrid2.php:38
action · save_post · plugins\RecipeGrid2\RecipeGrid2.php:39
action · init · plugins\RecipeGrid2\RecipeGrid2.php:40
action · admin_init · plugins\RecipeGrid2\RecipeGrid2.php:41
filter · mce_external_plugins · plugins\RecipeGrid2\RecipeGrid2.php:130
filter · mce_buttons · plugins\RecipeGrid2\RecipeGrid2.php:131
action · enqueue_block_editor_assets · plugins\RecipeGrid2\src\block.php:24
action · add_meta_boxes · RecipeTable\metabox.php:13
action · edit_post · RecipeTable\RecipeMenu.php:12
action · save_post · RecipeTable\RecipeMenu.php:13
action · delete_post · RecipeTable\RecipeMenu.php:43
action · admin_menu · RecipeTable\RecipeMenu.php:252
action · admin_head · RecipeTable\RecipeMenu.php:308
filter · wp_prepare_attachment_for_js · RecipeTable\RecipeMenu.php:339
action · admin_enqueue_scripts · RecipeTable\RecipeMenu.php:342
action · admin_head · RecipeTable\RecipeMenu.php:383
action · init · RecipeTable\RecipeMenu.php:508
action · zrdn_update_option · sharing\class-recipe-sharing-admin.php:18
action · admin_init · sharing\class-recipe-sharing-admin.php:19
action · admin_init · sharing\class-recipe-sharing-admin.php:20
action · admin_init · sharing\class-recipe-sharing-admin.php:21
filter · zrdn_tabs · sharing\class-recipe-sharing-admin.php:22
action · admin_notices · sharing\class-recipe-sharing-admin.php:24
action · admin_print_footer_scripts · sharing\class-recipe-sharing-admin.php:755
action · admin_init · shepherd\tour.php:25
action · admin_enqueue_scripts · shepherd\tour.php:26
action · enqueue_block_editor_assets · src\block.php:44
action · admin_init · upgrade-zip.php:8
filter · connect_message_on_update · zip-recipes.php:81
action · plugins_loaded · zip-recipes.php:144
action · admin_init · zip-recipes.php:275
filter · wp_mail_content_type · _inc\PluginBase.php:68

Maintenance & Trust

Recipe Cards For Your Food Blog from Zip Recipes Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: May 3, 2024
PHP min version: 7.2
Downloads: 244K

Community Trust

Rating: 96/100
Number of ratings: 95
Active installs: 1K

Developer Profile

Recipe Cards For Your Food Blog from Zip Recipes Developer Profile

Igor Benic

12 plugins · 2K total installs

Trust score: 68
Avg Security Score: 84/100
Avg Patch Time: 479 days

Detection Fingerprints

How We Detect Recipe Cards For Your Food Blog from Zip Recipes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/zip-recipes/assets/css/admin-style.css
  • /wp-content/plugins/zip-recipes/assets/css/frontend-style.css
  • /wp-content/plugins/zip-recipes/assets/css/magnific-popup.css
  • /wp-content/plugins/zip-recipes/assets/css/owl.carousel.css
  • /wp-content/plugins/zip-recipes/assets/css/style.css
  • /wp-content/plugins/zip-recipes/assets/js/admin-script.js
  • /wp-content/plugins/zip-recipes/assets/js/frontend-script.js
  • /wp-content/plugins/zip-recipes/assets/js/magnific-popup.js
  • +2 more

Script Paths

  • /wp-content/plugins/zip-recipes/assets/js/admin-script.js
  • /wp-content/plugins/zip-recipes/assets/js/frontend-script.js
  • /wp-content/plugins/zip-recipes/assets/js/magnific-popup.js
  • /wp-content/plugins/zip-recipes/assets/js/owl.carousel.js
  • /wp-content/plugins/zip-recipes/assets/js/script.js

Version Parameters

  • zip-recipes/assets/css/admin-style.css?ver=
  • zip-recipes/assets/css/frontend-style.css?ver=
  • zip-recipes/assets/css/magnific-popup.css?ver=
  • zip-recipes/assets/css/owl.carousel.css?ver=
  • zip-recipes/assets/css/style.css?ver=
  • zip-recipes/assets/js/admin-script.js?ver=
  • zip-recipes/assets/js/frontend-script.js?ver=
  • zip-recipes/assets/js/magnific-popup.js?ver=
  • zip-recipes/assets/js/owl.carousel.js?ver=
  • zip-recipes/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • zrdn-recipe
  • zrdn-recipe-details
  • zrdn-recipe-header
  • zrdn-recipe-title
  • zrdn-recipe-metadata
  • zrdn-recipe-author
  • zrdn-recipe-publisher
  • zrdn-recipe-datePublished
  • +215 more

HTML Comments

  • Zip Recipes Plugin is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  • You should have received a copy of the GNU General Public License along with Zip Recipes Plugin. If not, see <http://www.gnu.org/licenses/>.
  • --exclude=plugins/AutomaticNutrition*
  • --exclude=plugins/Authors*
  • +14 more

Data Attributes

  • data-zrdn-recipe-id
  • data-zrdn-recipe-title
  • data-zrdn-recipe-url

JS Globals

  • window.zrdn_admin_ajax_url
  • window.zrdn_ajax_nonce
  • window.zrdn_plugin_settings
  • window.zrdn_plugin_version

Shortcode Output

  • [zip-recipes]
  • [zip_recipes]