5 matches found
CVE-2024-0677
The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks...
CVE-2024-0677
The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks...
CVE-2024-0677 Pz-LinkCard <= 2.5.1 - Contributor+ SSRF
The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks...
CVE-2024-0677
CVE-2024-0677 is a confirmed SSRF vulnerability in the Pz-LinkCard WordPress plugin (versions ≤ 2.5.1). The flaw allows high-privilege users (e.g., Contributors) to ping arbitrary external hosts via certain shortcodes, enabling SSRF. Red Hat and Patchstack entries corroborate the issue and note a...
WordPress Pz-LinkCard Plugin < 2.5.3 is vulnerable to Server Side Request Forgery (SSRF)
Software Pz-LinkCard Type Plugin Vulnerable versions 2.5.3 Fixed in 2.5.3 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-0677 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID f4404e8dcdac Credits Dmitrii Ignatyev Required privilege...