The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/0f7757c9-69fa-49db-90b0-40f0ff29bee7/ | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/0f7757c9-69fa-49db-90b0-40f0ff29bee7/ | Exploit Third Party Advisory |
Configurations
History
01 Apr 2025, 18:28
Type | Values Removed | Values Added |
---|---|---|
First Time |
Popozure pz-linkcard
Popozure |
|
CPE | cpe:2.3:a:popozure:pz-linkcard:*:*:*:*:*:wordpress:*:* | |
References | () https://wpscan.com/vulnerability/0f7757c9-69fa-49db-90b0-40f0ff29bee7/ - Exploit, Third Party Advisory | |
CWE | CWE-918 |
25 Mar 2025, 19:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.1 |
21 Nov 2024, 08:47
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://wpscan.com/vulnerability/0f7757c9-69fa-49db-90b0-40f0ff29bee7/ - |
28 Mar 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-28 05:15
Updated : 2025-04-01 18:28
NVD link : CVE-2024-0677
Mitre link : CVE-2024-0677
CVE.ORG link : CVE-2024-0677
JSON object : View
Products Affected
popozure
- pz-linkcard
CWE
CWE-918
Server-Side Request Forgery (SSRF)