Lucene search
Dmitrii IgnatyevWPEX-ID:0F7757C9-69FA-49DB-90B0-40F0FF29BEE7HistoryMar 07, 2024 - 12:00 a.m.
Pz-LinkCard < 2.5.3 - Contributor+ SSRF
2024-03-0700:00:00
Dmitrii Ignatyev
32
pz-linkcard
version 2.5.3
contributor+
ssrf
exploit
post draft
internal server
Description The plugin does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.
Setup a listener on a localhost/LAN host (such as nc -l 127.0.0.1 9000), then as a contributor, put the following shortcode in a post and save its draft: [blogcard url="http://127.0.0.1:9000"]
Notice that the internal server (localhost:9000) received the request when the draft was savedReferences
Related
cvelist
cvelist
CVE-2024-0677 Pz-LinkCard <= 2.5.1 - Contributor+ SSRF
2024-03-28 05:00:02
nvd
nvd
CVE-2024-0677
2024-03-28 05:15:49
cve
cve
CVE-2024-0677
2024-03-28 05:15:49
wpvulndb
wpvulndb
Pz-LinkCard < 2.5.3 - Contributor+ SSRF
2024-03-07 00:00:00
wordfence
wordfence
9.4 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for WPEX-ID:0F7757C9-69FA-49DB-90B0-40F0FF29BEE7