Ctrl + K
/ news / CVE
CVEPublished 2026-06-08Modified 2026-06-080 articles on news6 live referencesNVD data

CVE-2026-3011

Vulnerability data via NVD (ingested)

CVSS v3.1
6.4
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
EPSS percentile
Weaknesses (CWE)
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description

The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOM_Helpers::deserialize_block_attributes' method converting unicode-encoded sequences back into HTML characters after sanitization has already been applied. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that execute whenever a user accesses the published post or the print view of an injected recipe.

Timeline
Published 2026-06-08
Modified 2026-06-08

External references

NVDMITREExploit-DBGitHub PoCSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-3011
Hosts Shodan has explicitly fingerprinted as vulnerable.
More intel sources (5)
Shodan report
vuln:CVE-2026-3011
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-3011
Censys host search filtered to this CVE id.
grep.app
CVE-2026-3011
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-3011
GitHub code search for direct mentions.
Google dork
"CVE-2026-3011" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2026-30118 repos
hiifong/starListPython
Export your star's repository list
★ 18·updated today
Nsbx/awesome-starsunknown
My Awesome List generated by : https://github.com/abhijithvijayan/stargazed
★ 10·updated today
Letlaka/redsun-bluehammer-undefend-detection-packunknown
Microsoft Defender XDR KQL detections for RedSun, BlueHammer, UnDefend, and CVE-2026-33825-related Defender abuse behaviors.
★ 8·updated 1mo ago
3ch0p01nt/RedSun_Undefendunknown
Detection methods, KQL hunt queries, and defensive recommendations for the RedSun and UnDefend Microsoft Defender zero-day vulnerabilities (April 2026)
★ 3·updated 1mo ago
DRA3V50/Network-Threat-IntelligencePython
Analyst-focused research and analysis of TCP/IP network traffic, open-source intelligence, cyber threat indicators, and vulnerability data in support of defensive cyber operations.
★ 2·updated today
brimstone/starsunknown
My starred GitHub repositories
★ 2·updated today
KasraSaiidi/HomeLabPython
Small side project of building a home lab from scratch
★ 1·updated 2w ago
rleviathan5/Bug-Bounty-Recon-ScriptPython
★ 1·updated 1mo ago
We haven't classified any articles referencing CVE-2026-3011 yet. The external references above still apply.