WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.3.1 - Broken Access Control vulnerability
Description
Missing authorization in Recipe Card Blocks for Gutenberg & Elementor up to 3.3.1 allows attackers to exploit incorrectly configured access controls.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Recipe Card Blocks for Gutenberg & Elementor WordPress plugin (versions up to and including 3.3.1) contains a missing authorization vulnerability. The plugin fails to enforce access control checks on certain functionality, so an attacker can exploit the incorrectly configured access control levels.
Exploitation
The available references do not provide specific exploitation steps. However, the vulnerability is categorized as missing authorization, implying that an attacker with network access to the WordPress site can trigger the vulnerable functionality without proper authentication, potentially by sending crafted requests to unsecured endpoints.
Impact
The exact impact is not detailed in the references. Based on the CVE description, the attacker can exploit incorrectly configured access control, potentially leading to unauthorized actions such as modifying recipe data, accessing restricted content, or other privilege escalation. The scope of compromise depends on the specific misconfigured access control levels.
Mitigation
The plugin has been updated to version 3.4.14 [1], but the available reference does not explicitly confirm that this version fixes the vulnerability. Users should update to the latest version and ensure proper access control configurations. No workaround is documented.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <=3.3.1
- (no CPE) range: n/a
Patches
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.