CVE-2024-0677

The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.
Configurations

Configuration 1 (hide)

cpe:2.3:a:popozure:pz-linkcard:*:*:*:*:*:wordpress:*:*

History

01 Apr 2025, 18:28

Type Values Removed Values Added
First Time Popozure pz-linkcard
Popozure
CPE cpe:2.3:a:popozure:pz-linkcard:*:*:*:*:*:wordpress:*:*
References () https://wpscan.com/vulnerability/0f7757c9-69fa-49db-90b0-40f0ff29bee7/ - () https://wpscan.com/vulnerability/0f7757c9-69fa-49db-90b0-40f0ff29bee7/ - Exploit, Third Party Advisory
CWE CWE-918

25 Mar 2025, 19:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.1

21 Nov 2024, 08:47

Type Values Removed Values Added
Summary
  • (es) El complemento Pz-LinkCard de WordPress hasta la versión 2.5.1 no impide que los usuarios hagan ping a hosts arbitrarios a través de algunos de sus códigos cortos, lo que podría permitir a usuarios con altos privilegios, como los contribuyentes, realizar ataques SSRF.
References () https://wpscan.com/vulnerability/0f7757c9-69fa-49db-90b0-40f0ff29bee7/ - () https://wpscan.com/vulnerability/0f7757c9-69fa-49db-90b0-40f0ff29bee7/ -

28 Mar 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-28 05:15

Updated : 2025-04-01 18:28


NVD link : CVE-2024-0677

Mitre link : CVE-2024-0677

CVE.ORG link : CVE-2024-0677


JSON object : View

Products Affected

popozure

  • pz-linkcard
CWE
CWE-918

Server-Side Request Forgery (SSRF)