Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:4 a.m.10 views

CVE-2024-0677

The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks...

5.1CVSS6.8AI score0.00263EPSS
Exploits2References1
OSV
OSV
added 2024/03/28 5:15 a.m.5 views

CVE-2024-0677

The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks...

5.1CVSS7.4AI score0.00263EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/03/28 5:0 a.m.26 views

CVE-2024-0677 Pz-LinkCard <= 2.5.1 - Contributor+ SSRF

The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks...

6.7AI score0.00263EPSS
Exploits2References1
CVE
CVE
added 2024/03/28 5:0 a.m.74 views

CVE-2024-0677

CVE-2024-0677 is a confirmed SSRF vulnerability in the Pz-LinkCard WordPress plugin (versions ≤ 2.5.1). The flaw allows high-privilege users (e.g., Contributors) to ping arbitrary external hosts via certain shortcodes, enabling SSRF. Red Hat and Patchstack entries corroborate the issue and note a...

5.1CVSS9.2AI score0.00263EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2024/03/28 12:0 a.m.12 views

WordPress Pz-LinkCard Plugin < 2.5.3 is vulnerable to Server Side Request Forgery (SSRF)

Software Pz-LinkCard Type Plugin Vulnerable versions 2.5.3 Fixed in 2.5.3 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-0677 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID f4404e8dcdac Credits Dmitrii Ignatyev Required privilege...

7.3AI score0.00263EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder