Skip to main content

Pz Linkcard

4 CVEs product

Monthly

CVE-2024-0677 MEDIUM POC This Month

The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Pz Linkcard
NVD WPScan
CVSS 3.1
5.1
EPSS
0.3%
CVE-2024-0673 MEDIUM POC This Month

The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pz Linkcard
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-0672 HIGH POC This Week

The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pz Linkcard
NVD WPScan
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-47790 MEDIUM This Month

Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in Poporon Pz-LinkCard plugin <= 2.4.8 versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Pz Linkcard
NVD
CVSS 3.1
6.1
EPSS
0.2%
EPSS 0% CVSS 5.1
MEDIUM POC This Month

The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Pz Linkcard
NVD WPScan
EPSS 0% CVSS 6.1
MEDIUM POC This Month

The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pz Linkcard
NVD WPScan
EPSS 0% CVSS 7.1
HIGH POC This Week

The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pz Linkcard
NVD WPScan
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in Poporon Pz-LinkCard plugin <= 2.4.8 versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Pz Linkcard
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy