CVE-2026-2434

The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard' shortcode attributes in all versions up to, and including, 2.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

EUVD-2026-23567

The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard' shortcode attributes in all versions up to, and including, 2.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-2434

The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard' shortcode attributes in all versions up to, and including, 2.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

PT-2026-33522

Name of the Vulnerable Software and Affected Versions Pz-LinkCard versions prior to 2.5.8.2 Description The Pz-LinkCard plugin for WordPress contains a Stored Cross-Site Scripting issue. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages...

CVE-2025-8594

The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor to perform SSRF attack...

EUVD-2021-11924

Malware in sbrugna...

EUVD-2023-51888

Malicious code in bioql PyPI...

CVE-2024-0677

The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks...

CVE-2024-0673

The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF leading to Cross-Site Scripting XSS vulnerability in Poporon Pz-LinkCard plugin = 2.4.8 versions...

Pz-LinkCard <= 2.5.1 - Caching Management via CSRF

Description The plugin does not have CSRF checks when managing the caching feature, which could allow attackers to make logged in admin perform unwanted actions via CSRF attacks...

CVE-2023-47790

CVE-2023-47790 affects the WordPress plugin Pz-LinkCard (Poporon) and is caused by missing CSRF checks that enable a CSRF attack to trigger XSS in vulnerable versions. Public details indicate vulnerable versions include ≤ 2.5.2 (with older references listing ≤ 2.4.8) and that a fixed release is a...