Skip to main content

Simple Blog Card

3 CVEs product

Monthly

CVE-2026-32357 MEDIUM This Month

Simple Blog Card versions 2.37 and earlier contain a Server-Side Request Forgery vulnerability that allows authenticated attackers to make arbitrary requests from the affected server. An attacker with login credentials can leverage this to access internal resources, interact with backend services, or potentially exfiltrate sensitive data. No patch is currently available for this vulnerability.

SSRF Simple Blog Card
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2023-4036 MEDIUM POC This Month

The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Simple Blog Card
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-4035 MEDIUM POC This Month

The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Blog Card
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
EPSS 0% CVSS 6.4
MEDIUM This Month

Simple Blog Card versions 2.37 and earlier contain a Server-Side Request Forgery vulnerability that allows authenticated attackers to make arbitrary requests from the affected server. An attacker with login credentials can leverage this to access internal resources, interact with backend services, or potentially exfiltrate sensitive data. No patch is currently available for this vulnerability.

SSRF Simple Blog Card
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM POC This Month

The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Simple Blog Card
NVD WPScan
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Blog Card
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy